Ordered Linear Logic and Applicationsreports-archive.adm.cs.cmu.edu/anon/2001/CMU-CS-01-152.pdf · Linear logic was originally conceived as a classical logic. It is classical in the

Ordered Linear Logic and Applications

Jeff Polakow

August 2001

CMU-CS-01-152

School of Computer Science

Carnegie Mellon University

Pittsburgh, PA 15213

Submitted in partial fulfillment of the requirements

for the degree of Doctor of Philosophy.

Thesis Committee:

Frank Pfenning, Chair

Robert Harper

John Reynolds

Dana Scott

Dale Miller, Pennsylvania State University

Copyright c© 2001 Jeff Polakow

This research was supported in part by the National Science Foundation under grants CCR-9804014

and CCR-9619584.

This work is dedicated to my parents.

Acknowledgments

Firstly, and foremost, I would like to thank my principal advisor, Frank

Pfenning, for his patience with me, and for teaching me most of what I

know about logic and type theory.

I would also like to acknowledge some useful discussions with Kevin

Watkins which led me to simplify some of this work.

Finally, I would like to thank my other advisor, John Reynolds, for all

his kindness and support over the last five years.

Abstract

This thesis introduces a new logical system, ordered linear logic, which

combines reasoning with unrestricted, linear, and ordered hypotheses. The

logic conservatively extends (intuitionistic) linear logic, which contains

both unrestricted and linear hypotheses, with a notion of ordered hy-

potheses. Ordered hypotheses must be used exactly once, subject to the

order in which they were assumed (i.e., their order cannot be changed

during the course of a derivation). This ordering constraint allows for log-

ical representations of simple data structures such as stacks and queues.

We construct ordered linear logic in the style of Martin-Lof from the ba-

sic notion of a hypothetical judgement. We then show normalization for

the system by constructing a sequent calculus presentation and proving

cut-elimination of the sequent system.

After introducing the basic logical system, we show how to extend tech-

niques from linear logic to achieve an ordered logic programming language,

Olli, and an ordered logical framework, OLF. Olli and OLF allow quite

elegant encodings of situations involving simple data structures which are

not possible without ordered hypotheses. Example Olli programs include

a translator to and from deBruijn notation, and a breadth-first graph

traversal program. The major OLF application presented in this disser-

tation is an analysis of some syntactic properties of the CPS transform.

8

Contents

1 Introduction 13

I Ordered Linear Logic 19

2 Ordered Linear Logic 21

2.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.2 Judgements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.3 Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.4 Unrestricted Hypothetical Judgements . . . . . . . . . . . . . . . . . 23

2.5 Linear Hypothetical Judgements . . . . . . . . . . . . . . . . . . . . . 30

2.6 Ordered Hypothetical Judgements . . . . . . . . . . . . . . . . . . . . 34

2.7 Combined Reasoning . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

2.8 Modalities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

2.9 Other Approaches to Combined Reasoning . . . . . . . . . . . . . . . 42

2.10 Derivation Rules for Ordered Linear Logic . . . . . . . . . . . . . . . 44

2.11 Properties of Ordered Linear Logic . . . . . . . . . . . . . . . . . . . 45

3 Normal Deductions 49

3.1 Normal Deductions for Ordered Linear Logic . . . . . . . . . . . . . . 50

3.2 Properties of Normal Deductions . . . . . . . . . . . . . . . . . . . . 52

3.3 Directed Deductions . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

9

4 Sequent Calculus 55

4.1 Sequent Calculus for Ordered Linear Logic . . . . . . . . . . . . . . . 56

4.2 Admissibility of Cut . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

4.3 Sequent Calculus With Cut . . . . . . . . . . . . . . . . . . . . . . . 62

5 Normalization for Ordered Linear Logic 65

5.1 Normal Deductions and Cut-Free Sequents . . . . . . . . . . . . . . . 67

5.2 Directed Deductions and Sequents with Cut . . . . . . . . . . . . . . 70

5.3 Normalization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

II Ordered Linear Logic Programming 73

6 Uniform Derivations 75

6.1 Uniform Fragment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

6.2 Uniform Derivation System . . . . . . . . . . . . . . . . . . . . . . . 77

7 Residuation 87

7.1 Extended Uniform Derivations . . . . . . . . . . . . . . . . . . . . . . 88

7.2 Residuation of Mobile Hypotheses . . . . . . . . . . . . . . . . . . . . 91

8 Lazy Context Splitting 97

8.1 An Ordered IO System . . . . . . . . . . . . . . . . . . . . . . . . . . 97

8.2 Resource Management System for OLL . . . . . . . . . . . . . . . . . 102

8.3 Correctness of RMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

9 Lazy Erasure 111

9.1 Making > Deterministic . . . . . . . . . . . . . . . . . . . . . . . . . 111

9.2 Correctness of >-flags System . . . . . . . . . . . . . . . . . . . . . . 118

10 Ordered Linear Logic Programming 127

10

10.1 Olli . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

10.2 Simple Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

10.3 Translating to deBruijn Notation . . . . . . . . . . . . . . . . . . . . 133

10.4 Mini-ML Abstract Machine . . . . . . . . . . . . . . . . . . . . . . . 137

10.5 Mergesort . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

10.6 Breadth-First Tree Numbering . . . . . . . . . . . . . . . . . . . . . . 144

10.7 Breadth-First Search Graph Numbering . . . . . . . . . . . . . . . . . 145

10.8 Parsing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

11 Eager Failure 151

11.1 Failing Earlier in Linear Logic . . . . . . . . . . . . . . . . . . . . . . 151

11.2 Extension to Ordered Contexts . . . . . . . . . . . . . . . . . . . . . 154

11.3 Strict Derivation System . . . . . . . . . . . . . . . . . . . . . . . . . 156

11.4 Correctness of Strict Derivations . . . . . . . . . . . . . . . . . . . . . 161

11.5 Strictness Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

11.6 Implementation Issues . . . . . . . . . . . . . . . . . . . . . . . . . . 168

III Ordered Logical Framework 171

12 Ordered Types 173

12.1 Proof Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

12.2 Canonical Forms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

13 Ordered Logical Framework 193

13.1 Ordered Logical Framework . . . . . . . . . . . . . . . . . . . . . . . 194

13.2 Typing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

13.3 Definitional Equality . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

13.4 Properties of Typing and Equality . . . . . . . . . . . . . . . . . . . . 202

11

14 Algorithmic Equality 209

14.1 Completeness of Algorithmic Equality . . . . . . . . . . . . . . . . . . 215

14.2 Soundness of Algorithmic Equality . . . . . . . . . . . . . . . . . . . 219

15 Decidability and Canonical Forms 223

15.1 Decidability of Equality . . . . . . . . . . . . . . . . . . . . . . . . . 223

15.2 Decidability of OLF Type-Checking . . . . . . . . . . . . . . . . . . . 225

15.3 Canonical Forms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

15.4 DeBruijn Terms in OLF . . . . . . . . . . . . . . . . . . . . . . . . . 234

16 CPS Analysis in OLF 239

16.1 CPS terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

16.2 Ordered Logical Framework Representation . . . . . . . . . . . . . . 242

16.2.1 DS Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

16.2.2 CPS Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

16.3 CPS Transform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

16.4 Bare Abstract Machine . . . . . . . . . . . . . . . . . . . . . . . . . . 249

16.5 Stack Abstract Machine . . . . . . . . . . . . . . . . . . . . . . . . . 252

16.6 Bare and Stack Equivalence . . . . . . . . . . . . . . . . . . . . . . . 256

16.7 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

IV Conclusions 265

17 Conclusions and Future Work 267

12

Chapter 1

Introduction

Now, it is the contention of the intuitionists ... that the basic mathematical

notions, above all the notion of function, ought to be interpreted in such a way

that the cleavage between mathematics, classical mathematics, that is, and

programming that we are witnessing at present disappears.

— Per Martin-Lof

Constructive Mathematics and Computer Programming [34]

It has long been known that there are strong connections between intuitionis-

tic logic and computation. The Curry-Howard isomorphism [30] between well-typed

functional programs and constructive proofs gives a logical interpretation of pure

functional computation. Thus each expression, of a particular type, represents a

proof of that type viewed as a formula in intuitionistic logic. Having a type system

with a logical intuition gives a computational intuition. For example, pursuing the

Curry-Howard isomorphism a little further, we arrive at the understanding of ex-

pression evaluation as partial proof normalization. Since we know intuitionistic logic

is normalizing, we immediately know any well-typed expression in a pure functional

language will evaluate to a value. Even when considering real functional languages,

which might contain unrestricted recursion or effects, a logically motivated type sys-

tem is useful. Type inference algorithms, for instance, are based on a logical meaning

of types and the proof theory behind that logic.

A further use of the logical intuition behind a type system is in the area of log-

ical frameworks. A logical framework is essentially a formal language in which a

13

deductive system can be defined and reasoned about. LF [23] is a particular logi-

cal framework based on dependent types, i.e., the meta-language is dependent type

theory. Examples of systems which have been represented in LF include compiler

verification, Mini-ML with its meta-theory, and the Church-Rosser theorem. Fur-

thermore Twelf [48], a concrete implementation of LF, has been used as a tool to

help in the discovery of new proofs; most notably a new proof of cut-elimination for

classical, intuitionistic and linear logic was discovered with the system’s help [45, 44].

The ability to “reason” within the type system, and the insights necessary for its

implementation come from the logical interpretation of the types.

A different method of connecting intuitionistic logic and computation is found in

the logic programming paradigm. A logic program is simply a collection of predicates

(over some term language) and formulas which specify when predicates are true. A

query, for a program, is a formula constructed from the same set of predicates as

the program. Execution of a logic program corresponds to proving a query, following

a fixed operational semantics, using the program formulas. If a query is provable

then we know that a specific relationship, represented by the logic program, holds

between the terms in the query. Additionally, all existentially quantified variables

in a query must be instantiated by the proof of that query. The “witnesses” for a

query’s existential variable will also be returned when a sucessful proof is found.

In this setting, computation is a by-product of proof search. Thus the proof search

algorithm used in a logic programming language must be relatively simple– the pro-

grammer must understand how a program will execute– and must have a reasonable

computational interpetation, i.e., the operational semantics should allow us to eas-

ily think of a collection of formulas as a program. Although originally conceived

within classical logic, the above mentioned existential property clearly places logic

programming in the realm of intuitionistic logic.

While intuitionistic logic itself is useful as a logic for describing computations,

there are many aspects of computation which fall outside its scope. Knowing a func-

tion has type A→ B only conveys that the function expects an argument, of type

A, and produces a result, of type B. It tells us nothing about how, or even if, the

function’s argument is used. For this reason, researchers have been examining the

computational content of richer logics hoping to find logical explanations for known

phenomena as well as new possibilities for language constructs. Along these lines,

linear logic [21] has received considerable attention in the programming language

14

community over the past decade.

Unlike intuitionistic logic, linear logic can be used to express some information

about how a function uses its argument. A linear function, of type A−B, must use its

argument exactly once. This little bit of extra information has been used to describe a

wide range of existing language phenomena from the difference between side-effecting

and non-side-effecting functions [60] to the absence of snapback in Idealized Algol [39].

Additionally, linear logic has been used as the basis for a type system which guarantees

polynomial runtime of well-typed programs [29]. Furthermore, logic programming

systems and logical frameworks based on linear logic can encode state at the logical

level. This is an improvement (at the very least in terms of elegance) over similar

systems based on intuitionistic logic which must encode state at the term level.

The key difference between linear logic and intuitionistic logic is in the notion

of how a hypothesis may be used. Intuitionistic logic places no constraints upon

hypotheses; they may be ignored or repeatedly used. For this reason, we will refer

to intuitionistic logic as unrestricted logic and, from this point on, reserve the de-

scription “intuitionistic” for a more general property as described below. In contrast,

linear logic requires hypotheses to be used exactly once, hence the name linear. This

restriction on hypothesis usage has far reaching consequences which make linear logic

quite different from unrestricted logic. In Section 2.5, we shall treat this topic in some

detail.

Linear logic was originally conceived as a classical logic. It is classical in the sense

that DeMorgan laws hold and implication may be defined in terms of disjunction

and negation. Thus, linear logic can be presented as a single-sided sequent system

without the notion of hypotheses. There is an “intuitionistic” version of linear logic

in which the notion of hypotheses entailing a goal is primitive. From this point on,

all references to linear logic shall refer to the intuitionistic variant. It is this property

of a logic, having a primitive notion of entailment, for which we will use the word

intuitionistic.

This thesis introduces a new intuitionistic logical system, ordered linear logic,

which can express more information about hypotheses than linear logic. Specifically,

we will be able to convey some information about the order of hypotheses in context.

In unrestricted and linear logic, the active hypotheses at any point in a proof have

no order. Thus there is no way to directly encode, at the logical level, that one

hypothesis was assumed before another. Ordered linear logic imposes an order on the

15

active hypotheses which can be used to formulate such encodings.

Other logical systems with an inherent notion of ordering exist [61, 56, 1]. How-

ever, none of these logics are intuitionistic. While intuitionistic versions for some of

these systems exist, current research seems to be focussed primarily on the classical

presentations. We feel that an ordered logical system fundamentally based on the

notion of hypothetical reasoning, in the same manner as other intuitionistic logics,

will be of use to the programming language community. It might also take another

step towards removing the cleavage lamented by the intuitionists.

This thesis shows that an intuitionistic logic with a notion of order on hypotheses is

a useful tool for programming language applications. Towards this end, in addition to

introducing ordered linear logic, we will also show several applications of the system

to logic programming and logical frameworks. To further bolster the decision to

explore an intuitionistic logic, we point out that analogous applications for classical

ordered logics are complicated by the complexity of the systems and the lack of a

clear computational interpretation.

This thesis is divided into three parts. The first part formally introduces ordered

linear logic and demonstrates that the system makes sense as a logical system. The

logic is motivated by a review and analysis of the reasoning systems for the three

types of hypotheses (unrestricted, linear, ordered) previously mentioned. Ordered

linear logic itself integrates the use of the different kinds of hypotheses into one logical

system. The logic is developed in the style of Martin-Lof from the basic notion of a

hypothetical judgement. In addition to a natural deduction system, we also develop

a sequent system, through which we show normalization, and which will be the basis

of our investigation of proof search in ordered linear logic.

The second part of the thesis demonstrates how we may base a logic programming

language on ordered linear logic. The language we build, christened Olli, follows in

the footsteps of λProlog [36] and its linear extension Lolli [27]1. A logic programming

interpreter may be intuitively thought of as a specialized theorem prover for which

proof search is both efficient and amenable to a direct computational interpretation.

We first identify a fragment of the logic, the uniform fragment, with particularly

strong proof theoretic properties. Basing Olli on the uniform fragment provides the

computational interpretation, see [37]; additionally, the uniform fragment will be the

1Lolli is not quite an extension of λProlog since it lacks some higher-order features, e.g., higher-

order predicates.

16

basis of a logical framework based on ordered linear logic, which is discussed in the

third part of the dissertation. Thereafter, we concentrate on extending techniques

developed for efficient linear logic proof search to the ordered case. We also include a

chapter with a collection of Olli example programs which show how to use ordered hy-

potheses as a logical data structure. Example programs include a translation between

lambda terms (represented via higher-order abstract syntax) and deBruijn notation

terms, a merge sort, a breadth-first graph traversal, and a small natural language

parser which handles unbounded dependencies.

The third part of the thesis shows how we may use ordered linear logic to con-

struct a LF-style logical framework. We begin by formalizing the ordered type system

implicit within the logic which gives us an ordered lambda calculus. We show that

canonical forms (necessary for a logical framework) exist for the fragment of the calcu-

lus corresponding to the uniform fragment of the logic. We next add dependent types

to the system, in a similar fashion as LLF [11], to get an ordered logical framework.

We show that type checking remains decidable and that a suitable notion of canonical

forms still exist. We show how the deBruijn translation Olli program may be viewed

as a formal, LF-style, representation of the (informal) translation between lambda

terms and deBruijn terms. We also show how the ordered logical framework provides

an elegant means of analysing some syntactic properties of the CPS transform.

Finally, this thesis concludes with a broad summary and some thoughts on future

work.

Preliminary parts of this dissertation were previously published as [51, 52, 53, 49].

17

18

Part I

Ordered Linear Logic

19

Chapter 2


2.1 Overview

Ordered linear logic is a logic which combines reasoning with unrestricted, linear

and ordered hypotheses. Unrestricted hypotheses may be used arbitrarily often, or

not at all regardless of the order in which they were assumed. Linear hypotheses

must be used exactly once, also without regard to the order of their assumption.

Ordered hypotheses must be used exactly once subject to the order in which they

were assumed. All of these modes of reasoning independently lead to coherent logical

systems which have been (and continue to be) studied in their own right– intuitionistic

logic, purely linear logic, and Lambek calculus.

However, these modes of reasoning are not mutually exclusive. For instance, in-

tuitionistic linear logic can be construed as a logic combining linear and unrestricted

reasoning. This combination results in a coherent logical system which allows one

to use both styles of reasoning side-by-side. Thus intuitionistic linear logic is a con-

servative extension of intuitionistic logic since intuitionistic linear logic encompasses

unrestricted reasoning. In the same manner, ordered linear logic is a conservative

extension of intuitionistic linear logic.

This chapter reviews unrestricted, linear, and ordered reasoning before combining

them to get ordered linear logic. After (re)constructing a formal system for each style

of reasoning, we shall turn to the question of how to combine them into a coherent

logical system. Finally, we give a complete presentation of ordered linear logic.

21

2.2 Judgements

We treat the hypothetical judgement, with an associated substitution principle, as

the fundamental concept from which a (intuitionistic) logic, or reasoning system, is

built. Therefore we shall take as basic three kinds of hypothetical judgement for the

three reasoning styles we will review.

We view logical connectives as internalizations of the informal reasoning which

makes sense for the hypothetical judgement. Thus we will describe logical connec-

tives by means of introduction and elimination rules as usual for natural deduction

systems. The introduction rules explain how to construct a proof of a formula, while

the elimination rules tell us how to use a formula. From another viewpoint, intro-

duction rules describe what information is stored in a connective while elimination

rules describe what information may be obtained from a connective. Thus we have a

litmus test for possible connectives– can we get out as much information as we put

in?

This condition can be formalized in two different ways. If we construct a proof of

a formula and then deconstruct it (i.e., apply one of its elimination rules) , we should

get back the information we started with. This property is captured by the notion

of local reduction and corresponds to β-reduction under the Curry-Howard isomor-

phism. We also note that we want this property to hold for all possible construc-

tion/deconstruction combinations. Additionally, a formula should contain enough

information to reconstruct a proof of itself; that is to say its proof should be con-

structable solely from its constituent parts. This property is captured by the concept

of local expansions and corresponds to η-expansion under the Curry-Howard isomor-

phism. We shall only consider using logical connectives which satisfy both of these

properties.

2.3 Notation

This section summarizes the notation we shall use in this chapter. All syntactic classes

(i.e. x, B, Ω, etc.) can also be subscripted or primed.

For the sake of simplicity, we shall restrict ourselves to presenting first order logical

systems. Thus we shall syntactically distinguish formulas from terms. We allow

atomic formulas to depend upon terms and only allow quantification over terms.

22

We use x, y, z to denote hypothesis labels and term variables.

We use t, s for terms and a, b for term parameters1.

We use A, B, C, etc... to denote formulas.

We use (x1:A1) . . . (xn:An) to denote a context, or list of labelled formula occur-

rences. If n is 0 then the context is empty. Note that we use juxtaposition, rather than

an explicit constructor, to form contexts. In order to have unambiguous proofs, we

require that all labels are unique in a given context. We tacitly assume this condition

holds for all contexts in the remainder of this thesis.

We use · to explicitly denote an empty context, or list.

We also use Γ, ∆, Ω to denote contexts. We also use juxtapostion to denote

context concatenation.

We use D, E to denote derivations.

We shall use the notation ∆ ./∆′ to denote the non-deterministic merging of two

contexts. We define the ./ relation as follows:

· ./ · = · ∆(y:A) ./ ∆′ = (∆ ./ ∆′)(y:A) ∆ ./ ∆′(y:A) = (∆ ./∆′)(y:A)

Note that ./ is commutative and associative.

2.4 Unrestricted Hypothetical Judgements

We begin by reviewing a logic with unrestricted hypotheses, or familiar old intuition-

istic logic. There are many informal semantics, or intuitions, which people use to

think about intuitionistic logic. However, for our purposes intuitionistic logic is a

way to reason about the ability to derive rather than the actual act of derivation

itself. Thus we will informally treat an intuitionistic logic derivation of A as meaning

we have the ability to derive A.

We start with a hypothetical judgement:

(x1:A1) . . . (xn:An) ` A

We shall interpret the judgement as: If we have the ability to derive each of the Ai

then we have the ability to derive A.

1The eigenvariables “generated” by ∀I and ∃E rules– see the end of section 2.4.

23

We shall use Γ to denote unrestricted contexts.

We want our unrestricted judgements to satisfy several structural properties2.

Namely, we do not want the derivability of judgements to depend upon the order of

the hypotheses, nor upon the presence of extra (unused) hypotheses, nor upon the

presence of redundant hypotheses. We formalize these properties as follows.

Structural Properties:

Exchange: ΓL(x1:A)(x2:B)ΓR ` C implies ΓL(x2:B)(x1:A)ΓR ` C.

Weakening: Γ ` A implies Γ(x:B) ` A.

Contraction: Γ(x1:A)(x2:A) ` B implies Γ(x1:A) ` B.

We will keep these properties in mind when designing the inference rules we will use.

After we have a full system, we will prove as a lemma that these properties hold.

Now that we have formally introduced the notation for our hypothetical judgement

and stated the structural properties it should satisfy, we must describe how to reason

with such judgements. The basic intuition behind a hypothetical judgement is that

we may assume we can derive the given hypotheses. We may then use hypotheses

instead of actual derivations while deriving the conclusion. Thus if we are given an

actual derivation of one of our hypotheses, we should be able to substitute this actual

derivation for the use of the hypothesis. We formalize this intuition with the following

substitution principle.

Substitution principle:

ΓL ` A and ΓL(x:A)ΓR ` C implies ΓLΓR ` C

Note that requiring the context for A to match part of the context for C will always be

achievable as long as the expected structural properties hold for the system.3 As with

the structural rules, we will keep this substitution principle in mind when designing

the inference rules and then formally prove that the substitution principle holds after

we have described the full system.

2Properties of hypotheses have historically been called structural.3We structure the substitution principle in this manner in anticipation of Chapter 13 where we

shall allow dependencies among the hypotheses.

24

The first inference rule we will want to form is the basic rule explaining how

hypotheses are used. As this rule comes from the nature of hypothetical judgements

and does not pertain to any logical connective, it is neither an introduction rule nor

an elimination rule.

Unrestricted hypothesis rule:

xΓL(x:A)ΓR ` A

The formulation of this rule ensures that exchange and weakening will hold for the

logic since neither the location of x nor the presence of unused hypotheses matters.

We now consider implication, which may be thought of as a reflection of the

hypothetical judgement into the logic itself since it allows us to express hypothetical

statements as formulas.

Unrestricted Implication:

Γ(x:A) ` B→I

Γ ` A→B

Γ ` A→B Γ ` A→E

Γ ` B

Note that we require the hypotheses of the premises to match those of the conclusion

in the elimination rule. This, when mirrored by all rules with multiple premises,

allows contraction to hold for the system without any explicit structural rules.

We now show that →, as characterized by its introduction and elimination rules,

satisfies our two criteria from Section 2.2 for logical connectives. We first show that

information is neither gained nor lost by constructing and then deconstructing a

derivation of →. This property is formalized by the following local reduction rule:

EΓ(x:A) ` B

→I

Γ ` A→B

DΓ ` A

→E

Γ ` B

=⇒E[D/x]

Γ ` B

The notation E[D/x] denotes the derivation E (which is a tree) with all occurrences

of the hypothesis rule x (which will all be leaves) replaced by the derivation D. Note

that this reduction is just an application of the substitution principle.

25

We now show that a derivation of→ contains sufficient information to reconstruct

itself. We formalize this property with the following local expansion rule:

DΓ ` A→B =⇒

D′

Γ(x:A) ` A→Bx

Γ(x:A) ` A→E

Γ(x:A) ` B →I

Γ ` A→B

where D′ is obtained from D by weakening.

We now turn to conjunction. We should be able to express in the logic the ability

to derive two conclusions. If we can derive both A and B, we shall use A & B to

reflect this fact in the logic. Furthermore, given that we know A& B, we should be

able to retrieve derivations of both A and B. Thus we will have two elimination rules.

Conjunction:

Γ ` A Γ ` B&I

Γ ` A&B

Γ ` A&B&E1

Γ ` AΓ ` A&B

&E2Γ ` B

Again note the contraction of hypotheses in the introduction rule.

Since there are two eliminations, there are two local reductions for & depending

on which elimination was used.

D1

Γ ` AD2

Γ ` B&I

Γ ` A&B&E1

Γ ` A

=⇒D1

Γ ` A

D1

Γ ` AD2

Γ ` B&I

Γ ` A&B&E2

Γ ` B

=⇒D2

Γ ` B

26

Here is the local expansion:

DΓ ` A&B =⇒

DΓ ` A&B

&E1

Γ ` A

DΓ ` A&B

&E2

Γ ` B&I

Γ ` A&B

We now consider truth, >, which can be thought of as the unit of &– we have

A&> ≡ A ≡ >&A where C ≡ D denotes that both C ` D and D ` C are derivable.

Truth is always derivable and thus carries no information. Consequently, there will

be no elimination rule since there is nothing to get out of a derivation of truth.

Truth:

>IΓ ` > no elimination rule for >.

Although there is no reduction (since there is no elimination rule) we do have

a notion of expansion. Any derivation of > can be “expanded” to an immediate

derivation of truth from the same hypotheses. While this is not actually an expansion

of the given proof, it is an expansion in the sense of reconstructing a proof of > from

its constituent parts (i.e., none).

DΓ ` > =⇒ >I

Γ ` >

We now consider disjunction, the dual concept to conjunction. If we can derive A

or we can derive B, we will express this in the logic as A⊕B.4 Furthermore, in order

to make use of a derivation of A⊕B, we must specify what to do in each case since

we do not know which of the disjuncts we actually have the ability to derive.

Note that there will be two different introduction rules for disjunction depending

on which conclusion we can actually derive. While these introduction rules are syn-

tactically dual to the conjunction elimination rules, our disjunction elimination rule

will have to break this syntactic duality.

4We use the notation ⊕ to be compatible with notation we will introduce later.

27

Disjunction:

Γ ` A ⊕I1Γ ` A⊕B

Γ ` A ⊕I2Γ ` A⊕B

Γ ` A⊕B Γ(x1:A) ` C Γ(x2:B) ` C⊕E

Γ ` C

Since there are two introductions, there will be two corresponding reductions which

rely upon the substitution principle.

DΓ ` A

⊕I1Γ ` A⊕B

E1

Γ(x1:A) ` CE2

Γ(x2:B) ` C⊕E

Γ ` C

=⇒E1[D/x1]

Γ ` C

DΓ ` B

⊕I2Γ ` A⊕B

E1

Γ(x1:A) ` CE2

Γ(x2:B) ` C⊕E

Γ ` C

=⇒E2[D/x2]

Γ ` C


DΓ ` A⊕B =⇒

DΓ ` A⊕B

x1

Γ(x1:A) ` A⊕I1

Γ(x1:A) ` A⊕B

x2

Γ(x2:B) ` B⊕I2

Γ(x2:B) ` A⊕B⊕E

Γ ` A⊕B

Finally we come to falsehood, 0,5 which may be thought of as the unit of ⊕. Just as

disjunction and conjunction are dual, 0 and > are dual. Since we want our logic to be

sound, there will be no introduction rule for 0. However, we will have an elimination

rule since there is no reason to prevent someone from assuming a derivation of 0.

Falsehood:

no introduction rule for 0.

Γ ` 00E

Γ ` C

Note that C is unconstrained; we can derive anything from a derivation of 0.

5Again we choose this notation to be forward compatible.

28

Since there is no introduction rule, there is no local reduction. However, there is

an expansion:

DΓ ` 0 =⇒

DΓ ` 0

0EΓ ` 0

For the sake of expressivity and completeness, we now consider quantification.

We will assume the standard two quantifiers, ∀ and ∃, and show that they are locally

sound and complete.

Universal quantification:

Γ ` A[a/x]∀aI

Γ ` ∀x. AΓ ` ∀x. A ∀EΓ ` A[t/x]

Note that a must not appear free in the conclusion of the introduction rule. This

can also be construed as another kind of judgement, usually called a parametric

judgement where a is the parameter. The key idea behind a parametric judgement is

that the parameter may be substituted by any term without affecting derivability of

the judgement.

We have the following reduction:

DΓ ` A[a/x]

∀aIΓ ` ∀x. A

∀EΓ ` A[t/x]

=⇒D[t/a]

Γ ` A[t/x]

And the following expansion:

DΓ ` ∀x. A =⇒

DΓ ` ∀x. A

∀EΓ ` A[a/x]

∀aIΓ ` ∀x. A

Existential quantification:

Γ ` A[t/x]∃I

Γ ` ∃x. AΓ ` ∃x. A Γ(u:A[a/x]) ` C

∃aEΓ ` C

29

Note that a must not appear free in A nor in the conclusion of the elimination rule.


DΓ ` A[t/x]

∃IΓ ` ∃x. A

EΓ(u:A[a/x]) ` C

∃aEΓ ` C

=⇒E[t/a][D/u]

Γ ` C

And the following expansion:

DΓ ` ∃x. A =⇒

DΓ ` ∃x. A

uΓ(u:A[a/x]) ` A[a/x]

∃IΓ(u:A[a/x]) ` ∃x. A

∃aEΓ ` ∃x. A

2.5 Linear Hypothetical Judgements

We now examine a logic based on linear hypotheses. Our basic hypothetical judgement

will be:

(y1:A1) . . . (yn:An) ` A

We use hypothesis tags yi to emphasize that these hypotheses are linear rather than

unrestricted. We shall interpret linear hypotheses as resources which must be used

exactly once. We can then interpret the judgement as: If we have all the resources

Ai (in any order) then we can derive A.

We use ∆ to denote linear contexts.

Since these hypotheses are linear, we do not want linear contexts to satisfy con-

traction or weakening. Therefore the only structural property which we want to build

into linear contexts is exchange.

Structural Properties:

Exchange: ∆L(x1:A)(x2:B)∆R ` C implies ∆L(x2:B)(x1:A)∆R ` C.

We now state the appropriate substitution principle for linear hypothetical judge-

ments which relates a derivation of A to a hypothesis A.

30

Substitution principle:

∆A ` A and ∆L(y:A)∆R ` C implies (∆L ./∆A)∆R ` C

Note that we re-emphasize, in this substitution principle, the irrelevance of hypothesis

ordering by combining the context needed for A and the context in which hypothesis

y appears with the non-deterministic merge, ./.

The hypothesis rule will look quite different from the previous one since weakening

should not hold for linear hypotheses. Actually, the absence of weakening forces the

rule to only allow one hypothesis– the one being used.

Linear hypothesis rule:

yy:A ` A

Because there can only be one hypothesis in this rule, we cannot concisely capture

the exchange property as we did in the previous system. Therefore we will have to

structure the other rules to allow for exchange. This will be accomplished through

the use of the non-deterministic merge operator, ./.

We come next to linear implication.

Linear Implication:

∆(y:A) ` B−I

∆ ` A−B∆ ` A−B ∆A ` A−E

∆ ./∆A ` B

Note the absence of contraction in the elimination rule and instead the (non-deterministic)

merging of the two contexts used in the premises. By merging contexts, we insure

that each hypothesis is used only once (we restrict contraction). By allowing the con-

texts to be non-deterministically merged, we ensure that the order of the hypotheses

is irrelevant (we allow exchange). Logical connectives whose inference rules require

merging together, rather than contracting, premise contexts to form the conclusion

context are called multiplicative.

The reduction for linear implication is, like its unrestricted counterpart, just an

31

application of the substitution principle.

E∆(y:A) ` B

−I∆ ` A−B

D∆A ` A

−E∆ ./ ∆A ` B

=⇒E[D/y]

∆ ./ ∆A ` B


D∆ ` A−B =⇒

D∆ ` A−B

yy:A ` A

−E∆(y:A) ` B

−I∆ ` A−B

All of the previously shown unrestricted connectives, &, >, ⊕, 0, and the quanti-

fiers, also make sense for linear hypothetical judgements and correspond to reasoning

about the ability to derive with given resources. Thus we can interpret a derivation

of the judgement ∆ ` A & B as: Given the resources in ∆, we have the ability to

derive A; and given the resources in ∆, we have the ability to derive B. Note that

this differs from saying we can derive both A and B at the same time. Similarly a

derivation of ∆ ` A ⊕ B can be interpreted as being able to derive either A or B.

These unrestricted connectives, which require that the premises and conclusion all

depend upon the same linear hypotheses, are called additive.

Another notion of conjunction exists for linear hypotheses which can be interpreted

as actually deriving both conjuncts, at the same time. If we have derived A using the

hypotheses in ∆A and we have derived B using the hypotheses in ∆B, then we reflect

this fact in the logic as A⊗B. Of course the introduction rule for ⊗ must have in its

conclusion a context created by combining ∆A and ∆B since both are needed.

In order to use a derivation of A ⊗B, we cannot directly recover a derivation of

A nor of B since we don’t know which hypotheses were used by each derivation. An

attempt to form such an elimination rule (along the lines of those in the previous

section) would result in ⊗ not having both a local reduction and a local expansion.

Instead, we can only use a derivation of A⊗B when we know that hypotheses y1:A

and y2:B are needed in another derivtion. Then, we can replace the two hypotheses

y1:A and y2:B with the hypotheses needed to derive A and B.

32

Multiplicative Conjunction:

∆A ` A ∆B ` B ⊗I∆A ./ ∆B ` A⊗B

∆ ` A⊗B ∆′(y1:A)(y2:B) ` C⊗E

∆′ ./ ∆ ` C

We use ∆A ./ ∆B to combine contexts since we do not care about the order of the

hypotheses; i.e., we want the exchange property to hold.


D1

∆A ` AD2

∆B ` B⊗I

∆A ./∆B ` A⊗BE

∆′(y1:A)(y2:B) ` C⊗E

∆′ ./∆A ./ ∆B ` C

=⇒E[D1/y1][D2/y2]

∆′ ./ ∆A ./ ∆B ` C

We have the following expansion:

D∆ ` A⊗B =⇒

D∆ ` A⊗B

y1

y1:A ` Ay2

y2:B ` B ⊗I(y1:A)(y2:B) ` A⊗B

⊗E∆ ` A⊗B

Just as in the unrestricted case, we can consider the unit of this conjunction. The

multiplicative unit, 1, must in essence be an empty derivation– a derivation requiring

no hypotheses and thus a derivation of nothing. However, unlike the additive unit,

>, we can formulate both an introduction and elimination rule for 1.

Multiplicative unit:

1I· ` 1

∆′ ` 1 ∆ ` A1E

∆′ ./ ∆ ` A

Note that these rules are the 0-ary versions of the rules for ⊗.


1I· ` 1

E∆ ` C

1E∆ ` C

=⇒E

∆ ` C

33


D∆ ` 1 =⇒

D∆ ` 1

1I· ` 1

1E∆ ` 1

While researchers have considered a multiplicative disjunction for intuitionistic

linear logic [7], there seems to be no way to fit such a construction into the judgemental

framework we have been developing. The notion of multiplicative disjunction seems

to require allowing more than one conclusion for each judgement and thus falls outside

the scope of a Martin-Lof-style natural deduction system.

2.6 Ordered Hypothetical Judgements

We finally consider a logic of ordered hypotheses. This logic is essentially the Lambek

calculus [32], reconstructed from a judgemental point of view. Once again we will start

with a hypothetical judgement:

(z1:A1) . . . (zn:An) ` A

where we use hypothesis tags zi to distinguish ordered hypotheses from linear and

unrestricted ones. Our interpretation of this basic judgement shall be: We can derive

A when given all the resources Ai in order.

The ordered context, Ω, shall not enjoy any of the three structural properties.

We have the following substitution principle for ordered hypothetical judgements.

Ordered substitution:

Ω ` A and ΩL(z:A)ΩR ` C implies ΩLΩΩR ` C

Note that the hypotheses needed for A must be placed, in order, in the same location

which the hypothesis A occupied in the context for C.

Since all the ordered hypotheses must be used, our ordered hypothesis rule is

forced and is identical to the linear version.

34

Ordered hypothesis rule:

zz:A ` A

The treatment of ordered implication (i.e., how to reflect ordered hypothetical

reasoning into the logic) is more complicated than for linear implication. Since ordered

contexts will not admit the exchange rule, we have to think about where to put the

new hypothesis in the ordered context. As it turns out, there are only two feasible

choices for placing a new hypothesis into the ordered context.

The first possibility is to place the new hypothesis on the right of the all the other

hypotheses.

Right ordered implication:

Ω(z:A) ` BI

Ω ` AB

Ω ` AB ΩA ` AEΩΩA ` B

Note that the combination of hypotheses ΩΩA, the concatenation of Ω and ΩA, in the

elimination rule is forced in order for there to be a local reduction rule.

EΩ(z:A) ` B

IΩ ` AB

DΩA ` A

EΩΩA ` B

=⇒E[D/z]

ΩΩA ` B


DΩ ` AB =⇒

DΩ ` AB

zz:A ` A

EΩ(z:A) ` B

IΩ ` AB

The other possibility for an ordered implication is to place the hypothesis on the

left of the ordered context.

Left ordered implication:

(z:A)Ω ` BI

Ω ` A B

Ω ` AB ΩA ` AEΩAΩ ` B

35

Note the reverse combination, ΩAΩ, from the E rule is needed in this elimination

rule.

We have the following local reduction:

E(z:A)Ω ` B

IΩ ` AB

DΩA ` A

EΩAΩ ` B

=⇒E[D/y]

ΩAΩ ` B


DΩ ` A B =⇒

DΩ ` AB

zz:A ` A

E(z:A)Ω ` B

IΩ ` A B

Note that our choice of notation for the ordered implications has nothing to do

with monics or epics from category theory and that Lambek used a slightly differ-

ent notation for the two ordered implications. Specifically, A B was written as

B/A, and A B was written as A\B. We feel that the arrow notation is easier to

read; furthermore, it allows us to use the familiar backwards arrow notation for logic

programming in Chapter 10.

We do not have any other ordered implications because there is no way to formulate

complementary introduction and elimination rules when hypotheses are added to any

other location in the ordered context. Suppose we tried to place the new hypothesis

somewhere in the middle of the ordered context. In order to have a general rule, we

could not require an exact number of other hypotheses to already be in the ordered

context, e.g., placing a hypothesis two formulas from the right is not a good rule.

The only other choice is to non-deterministically place the hypothesis somewhere in

the ordered context. When we try to do this, we do not have enough information, in

the elimination rule, to ensure that we get back a derivation of the same judgement

we started with after applying a local reduction.

At this point we give several examples of derivable and non-derivable ordered

hypothetical judgements which give a feel for the ordered implications. We assume

implications are left-associative. First, the judgement · ` A (A B) B is not

36

derivable because the A will be on the wrong side of the AB in the ordered context.

However, · ` (A B) A B is derivable. Similarly, · ` A (A B) B is

derivable.

Like the linear hypothetical judgement, all of the additive connectives, and quanti-

fiers, make sense for the ordered hypothetical judgement. However, the multiplicative

connectives must be modified to ensure that exchange will not hold. Similarly to the

implications, there will be two multiplicative conjunctions since the order in which

the conjuncts were derived matters.

Right multiplicative conjunction:

ΩA ` A ΩB ` B •IΩAΩB ` A •B

Ω ` A •B ΩL(z1:A)(z2:B)ΩR ` C •EΩLΩΩR ` C

The reduction rule for this conjunction is similar to the rule for linear multiplica-

tive conjunction.

D1

ΩA ` AD2

ΩB ` B•I

ΩAΩB ` A •BE

ΩL(z1:A)(z2:B)ΩR ` C•E

ΩLΩAΩBΩR ` C

=⇒E[D1/z1][D2/z2]

ΩLΩAΩBΩR ` C


DΩ ` A •B =⇒

DΩ ` A •B

z1

z1:A ` Az2

z2:B ` B •I(z1:A)(z2:B) ` A •B

•EΩ ` A •B

Note that (A •B)C ≡ ABC which effectively states that • is left-adjunct to

as might be expected. We also point out the equivalence breaks if we replace by

; however if we switch the order of A and B we find that (B•A)C ≡ ABC

does hold.

Here is the other multiplicative conjunction which can be thought of as reversing

the orders of the conjuncts when used.

Left multiplicative conjunction:

ΩA ` A ΩB ` B IΩAΩB ` B A

Ω ` B A ΩL(z1:A)(z2:B)ΩR ` C EΩLΩΩR ` C

37

Note the reversal of A and B between the premises in the elimination rule.

Now we can formulate the following reduction:

D1

ΩA ` AD2

ΩB ` BI

ΩAΩB ` B AE

ΩL(z1:A)(z2:B)ΩR ` CE

ΩLΩAΩBΩR ` C

=⇒E[D1/z1][D2/z2]

ΩLΩAΩBΩR ` C


DΩ ` B A =⇒

DΩ ` B A

z1

z1:A ` Az2

z2:B ` B I(z1:A)(z2:B) ` B A

EΩ ` B A

Note that (A B)C ≡ ABC which effectively states that is left-adjunct

to as might also be expected. Furthermore, A B is equivalent to B •A.

Since it involves no resources, the multiplicative unit is the same as in the linear

case.

2.7 Combined Reasoning

We would like to combine the three modes of reasoning into one coherent logical sys-

tem which allows us to use unrestricted, linear, and ordered hypotheses side-by-side.

For this purpose we shall begin with a compound hypothetical judgement containing

three contexts, one for each kind of hypothesis.

Γ; ∆; Ω ` A

We will now need to formulate three substitution principles, one explaining how

to use each kind of hypothesis. First consider how to relate ordered hypotheses to

derivations. Suppose we know

EΓ; ∆; ΩL(z:A)ΩR ` C and

DΓ; ∆A; ΩA ` A

We would like to be able to substitute occurrences of z in E with D to get a new

derivation of C which doesn’t depend upon z. However, what about the linear and

38

ordered hypotheses used in D? Since z is an ordered hypthesis, it only occurs once in

E and this occurrence respects z’s place in the ordered context. Therefore, we may

just throw in ∆A with ∆ and replace z with ΩA without anything going wrong (see

lemma 2). Then we get the following derivation:

E[D/z]

Γ; ∆ ./ ∆A; ΩLΩΩR ` C

What happens when we try to substitute derivations for linear hypotheses? Sup-

pose we know

EΓ; ∆(y:A); Ω ` C and

DΓ; ∆A; ΩA ` A

We can proceed as before except for the placement of ΩA. Since y is not an ordered

variable, its usage in E is not constrained by the order of the variables in Ω. This

leaves us with no safe place to put ΩA since we have no way of knowing which parts

of Ω will have been used at the time y is used. Consider the following example:

E·; y:A; z:B ` C

z′·; ·; z′:A ` A = D

Note that C may be either A •B or B •A.

There are only two possible ways to substitute D for y:

E[D/y]

·; ·; (z′:A)(z:B) ` C or

E[D/y]

·; ·; (z:B)(z′:A) ` C

However neither resulting judgement is derivable for both of the previously mentioned

choices for C.

The only way we can safely substitute a derivation D for y is if D does not

require ordered hypotheses. Similar reasoning shows us that we may only substitute

a derivation for an unrestricted hypothesis if that derivation doesn’t depend upon

ordered or linear hypotheses.

We now state the substitution principles we have arrived at:

Substitution principles:

39

ΓA(x:A)Γ; ∆; Ω ` C and ΓA; ·; · ` A implies ΓAΓ; ∆; Ω ` C.

Γ; ∆L(y:A)∆R; Ω ` C and Γ; ∆A; · ` A implies Γ; (∆L ./ ∆A)∆R; Ω ` C.

Γ; ∆; ΩL(z:A)ΩR ` C and Γ; ∆A; ΩA ` A implies Γ; ∆ ./∆A; ΩLΩAΩR ` C.

The same considerations used to formulate the substitution principles must also

guide the formulation of the inference rules. Thus we have the following rules for

unrestricted implication:

ΓA; ∆; Ω ` B →I

Γ; ∆; Ω ` A→B

Γ; ∆; Ω ` A→B Γ; ·; · ` A→E

Γ; ∆; Ω ` B

where the linear and ordered contexts in the minor premise of the elimination rule

must be empty.

For a presentation, using the three context hypothetical judgement, of the all the

connectives previously considered see Section 2.10.

2.8 Modalities

While motivating the substitution principles, we concluded that we can only substi-

tute linear hypotheses with derivations which require empty ordered contexts; and

likewise we can only substitute unrestricted hypotheses with derivations which require

empty linear and empty ordered contexts. These properties can be reflected into the

logic with the use of unary connectives, which we sometimes call modalities. Thus

we will introduce two modalities, ¡ and !6, to respectively express independence from

ordered hypotheses, and from both ordered and linear hypotheses. Their introduction

rules are as follows:Γ; ∆; · ` A

¡I

Γ; ∆; · ` ¡A

Γ; ·; · ` A!I

Γ; ·; · ` !A

The elimination rules for these modalities will reflect our intuition that they cap-

ture exactly what is needed to be substitutable for linear and unrestricted hypotheses.

Γ; ∆; Ω ` ¡A Γ; ∆L(y:A)∆R; ΩLΩR ` C¡E

Γ; (∆L ./∆)∆R; ΩLΩΩR ` CΓ; ∆; Ω ` !A Γ(x:A)Γ′; ∆C; ΩLΩR ` C

!EΓΓ′; ∆C ./∆; ΩLΩΩR ` C

6This is the same ! as in linear logic.

40

These elimination rules are simply the substitution principles for linear and unre-

stricted hypotheses without constraints on the contexts. These constraints have been

captured by the modalities.

Both these connectives also satisfy our local soundness and completeness criteria

as shown by the following local reductions and expansions:

Reduction for ¡:

DΓ; ∆A; · ` A

¡IΓ; ∆A; · ` ¡A

EΓ; ∆L(y:A)∆R; Ω ` C

¡EΓ; (∆L ./∆A)∆R; Ω ` C

=⇒E[D/y]

Γ; (∆L ./ ∆A)∆R; Ω ` C

Expansion for ¡:

DΓ; ∆; Ω ` ¡A =⇒

DΓ; ∆; Ω ` ¡A

yΓ; y:A; · ` A

¡I

Γ; y:A; · ` ¡A¡E

Γ; ∆; Ω ` ¡A

Reduction for !:

DΓ; ·; · ` A

!IΓ; ·; · ` !A

EΓ(x:A)Γ′; ∆; Ω ` C

!EΓ; ∆; Ω ` C

=⇒E[D/x]

ΓΓ′; ∆; Ω ` C

Expansion for !:

DΓ; ∆; Ω ` !A =⇒

DΓ; ∆; Ω ` !A

xΓ(x:A); ·; · ` A

!IΓ(x:A); ·; · ` !A

!EΓ; ∆; Ω ` !A

Note that both of these modalities are idempotent (!!A ≡ !A and ¡¡A ≡ ¡A) and

that ! subsumes ¡ (!¡A ≡ !A and ¡!A ≡ !A)7. Therefore, we do not get new modalities

7We now use C ≡ D to denote that both ·; ·;C ` D and ·; ·;D ` C are derivable.

41

from combinations of these two. We also point out that the unrestricted and linear

implications are definable using these modalities: A→ B ≡ (!A)B ≡ (!A) B

and A−B ≡ (¡A)B ≡ (¡A)B.

The equivalences for − are established from the following substitution:

D =

yΓ; y:A; · ` A

¡I

Γ; y:A; · ` ¡A and

EΓ; ∆; ΩL(z:¡A)ΩR ` C =⇒

E[D/z]

Γ; ∆ ./ (y:A); ΩLΩR ` C

and the following derivation:

zΓ; ·; z:¡A ` ¡A

DΓ; ∆(y:A); ΩLΩR ` C

¡EΓ; ∆; ΩL(z:¡A)ΩR ` C

which show that “mobilized” ordered hypotheses, i.e., ordered hypotheses of the form¡A, are essentially (when considering derivability) the same as linear hypotheses. Sim-

ilar results hold for “banged” ordered hypotheses (!A) and unrestricted hypotheses.

The modalities, ! and ¡, only partially distribute across the binary connectives. In

particular the following are all derivable judgements

·; ·; !(AB) ` !A!B ·; ·; !A•!B ` !(A•B) ·; ·; !(A&B) ` !A&!B ·; ·; !A⊕!B ` !(A⊕B)

while none of their converses are derivable. Furthermore, replacing ! with ¡, • with or with does not affect derivability.

At this point our development of ordered linear logic is complete. Note that the

unordered fragment of this logic is identical to intuitionistic linear logic8. Before

giving a full description of the system, we would like to point out that there are other

possibilities for combining these various modes of reasoning.

2.9 Other Approaches to Combined Reasoning

Our system, following the tradition of linear logic, combines unrestricted, linear and

ordered reasoning about hypotheses; it is the hypotheses which have constraints

placed upon their usage. Another possibility is to place constraints at the context

8A⊗ B, in linear logic, is equivalent to ¡A • ¡B in ordered linear logic.

42

level and have “mixed” contexts. This is the approach espoused by the logic of

bunched implications (BI) [40] which combines unrestricted and linear reasoning (but

not ordered reasoning).

In BI, contexts are not flat lists but trees. It is the tree nodes which are either

unrestricted or linear. This system has two implications,→ for unrestricted reasoning

and→∗ for linear reasoning. The two implications correspond to two different context

constructors, one of which allows either of its arguments to be copied and erased.

Thus the judgement · ` A→∗ B → B is derivable (where · denotes either empty

context) while · ` B→A→∗B is not derivable. It seems likely that one could extend

BI with an ordered implication and an ordered context constructor and thus have

an entirely different system from ordered linear logic which combines unrestricted,

linear, and ordered reasoning.

A further possibility is to combine the formula level approach with the context

level approach. That is to have a system like BI which also has modalities. This is

essentially how Non-commutative Logic (NL) [1, 57] was constructed. NL combines

all three types of reasoning, however unrestricted reasoning is limited to the formula

level, by the use of a modality, while linear and ordered reasoning take place at the

context level. Thus NL’s context is a tree-like hierarchical structure (more specifically

a generalization of strict partial orders called order varieties) where all nodes are linear

and some nodes are ordered. This forces the mobility of formulas to be scoped.

NL is presented as a classical logic. It is thus presented as a single-sided sequent

system. Furthermore its context is circular in order to have a single negation. How-

ever, there is an intuitionistic version of NL [58, 16] which does not have a circular

context.

Finally, we note that ordered linear logic can be thought of as an intuitionistic

version of cyclic linear logic [61], which was an early attempt to combine ordered rea-

soning with linear logic. However, ordered linear logic was developed independently

of cyclic linear logic and has a solid basis in the tradition Martin-Lof style logic. Be-

cause of this intuitionistic grounding, ordered linear logic gives rise to a term calculus

and is a suitable basis for an LF style logical framework [23].

43

2.10 Derivation Rules for Ordered Linear Logic

In this section we summarize the derivation rules for ordered linear logic.

xΓL(x:A)ΓR; ·; · ` A

yΓ; y:A; · ` A

zΓ; ·; z:A ` A

Γ(x:A); ∆; Ω ` B→I

Γ; ∆; Ω ` A→B

Γ; ∆; Ω ` A→B Γ; ·; · ` A→EΓ; ∆; Ω ` B

Γ; ∆(y:A); Ω ` B−I

Γ; ∆; Ω ` A− BΓ; ∆; Ω ` A− B Γ; ∆A; · ` A

−EΓ; ∆ ./∆A; Ω ` B

Γ; ∆; Ω(z:A) ` BI

Γ; ∆; Ω ` AB

Γ; ∆; Ω ` AB Γ; ∆A; ΩA ` AEΓ; ∆ ./∆A; ΩΩA ` B

Γ; ∆; (z:A)Ω ` BI

Γ; ∆; Ω ` AB

Γ; ∆; Ω ` AB Γ; ∆A; ΩA ` AEΓ; ∆ ./∆A; ΩAΩ ` B

Γ; ∆A; ΩL ` A Γ; ∆B; ΩR ` B •IΓ; ∆A ./∆B; ΩLΩR ` A •B

Γ; ∆; Ω ` A •B Γ; ∆C; ΩL(z1:A)(z2:B)ΩR ` C •EΓ; ∆ ./∆C; ΩLΩΩR ` C

Γ; ∆A; ΩR ` A Γ; ∆B; ΩL ` B IΓ; ∆A ./∆B; ΩLΩR ` B A

Γ; ∆; Ω ` B A Γ; ∆C; ΩL(z1:A)(z2:B)ΩR ` C EΓ; ∆ ./∆C; ΩLΩΩR ` C

1IΓ; ·; · ` 1

Γ; ∆; Ω ` 1 Γ; ∆C; ΩLΩR ` C1E

Γ; ∆ ./∆C; ΩLΩΩR ` C

Γ; ∆; Ω ` A Γ; ∆; Ω ` B&I

Γ; ∆; Ω ` A& B

Γ; ∆; Ω ` A& B&E1

Γ; ∆; Ω ` AΓ; ∆; Ω ` A&B

&E2Γ; ∆; Ω ` B

Γ; ∆; Ω ` A⊕I1

Γ; ∆; Ω ` A⊕BΓ; ∆; Ω ` B

⊕I2Γ; ∆; Ω ` A⊕B

Γ; ∆; Ω ` A⊕ B Γ; ∆C; ΩL(z1:A)ΩR ` C Γ; ∆C; ΩL(z2:B)ΩR ` C ⊕EΓ; ∆ ./∆C; ΩLΩΩR ` C

44

>IΓ; ∆; Ω ` >

Γ; ∆; Ω ` 00E


Γ; ∆; Ω ` [a/x]A∀aI

Γ; ∆; Ω ` ∀x. AΓ; ∆; Ω ` ∀x. A

∀EΓ; ∆; Ω ` [t/x]A

Γ; ∆; Ω ` [t/x]A∃I

Γ; ∆; Ω ` ∃x. AΓ; ∆; Ω ` ∃x. A Γ; ∆C; ΩL(z:A[a/x])ΩR ` C ∃aE


Γ; ∆; · ` A¡I

Γ; ∆; · ` ¡A

Γ; ∆; Ω ` ¡A Γ; ∆L(y:A)∆R; ΩLΩR ` C¡E

Γ; (∆L ./∆)∆R; ΩLΩΩR ` C

Γ; ·; · ` A!I

Γ; ·; · ` !A

Γ; ∆; Ω ` !A Γ(x:A); ∆C; ΩLΩR ` C!E

Γ; ∆ ./∆C ; ΩLΩΩR ` C

where a must not appear free in the conclusion the ∀aI rule; similarly, a must not

appear free in the first premise nor the conclusion of the ∃aE rule.

2.11 Properties of Ordered Linear Logic

We now formally state and prove that the expected structural properties and substi-

tution principles hold for ordered linear logic.

Lemma 1 (Structural Properties) The following all hold:

1. ΓL(x1:A)(x2:A)ΓR; ∆; Ω ` C implies ΓL(x:A)ΓR; ∆; Ω ` C.

2. ΓLΓR; ∆; Ω ` C implies ΓL(x:A)ΓR; ∆; Ω ` C.

3. ΓL(x1:A)(x2:B)ΓR; ∆; Ω ` C implies ΓL(x2:B)(x1:A)ΓR; ∆; Ω ` C.

4. Γ; ∆L(y1:A)(y2:B)∆R; Ω ` C implies Γ; ∆L(y2:B)(y1:A)∆R; Ω ` C.

45

Proof: By structural induction on the given derivation. Note that this induction

defines a structure preserving translation—only the hypotheses change for each judg-

ment in a derivation.

Lemma 2 (Substitution) The following hold:

1. ΓA(x:A)Γ; ∆; Ω ` C and ΓA; ·; · ` A implies ΓAΓ; ∆; Ω ` C.

2. Γ; ∆L(y:A)∆R; Ω ` C and Γ; ∆A; · ` A implies Γ; (∆L ./ ∆A)∆R; Ω ` C.

3. Γ; ∆; ΩL(z:A)ΩR ` C and Γ; ∆A; ΩA ` A implies Γ; ∆ ./∆A; ΩLΩAΩR ` C.

Proof: By structural induction over the given derivation for C. Again we have a

structure preserving translation where every use of A in the deduction of C is replaced

by the given deduction of A.

We have already shown that each connective in the logic is locally sound and

complete for a single context logic. Given the introduction and elimination rules of

Section 2.10, it is a simple task to extend the previous local reductions and expansions

to ordered linear logic.

Now that we have a complete logical system we would like to show that it is a

“good” logic. The standard test for a natural deduction system is normalization. The

local reductions for each connective provide a local normalization result, but this is

not enough to guarantee a global result. Thus, we will prove a normalization result

for ordered linear logic.

Although it is possible, using a Kripke-style logical-relations argument, we will not

directly prove a normalization result on the natural deduction system presented in this

chapter. Instead, we will follow Gentzen’s path and prove a cut-elimination result

for a sequent calculus which is equivalent (in terms of derivability) to the natural

deduction system. In addition to helping us prove normalization of ordered linear

logic, the sequent calculus system is of interest in its own right.

Specifically, we will prove normalization as follows:

1. Introduce a normal natural deduction system for ordered linear logic.

(a) This system will only allow normal derivations.

46

(b) Normal derivations are trivially converted to arbitrary derivations.

2. Introduce a cut-free sequent calculus for ordered linear logic.

3. Show admissibility of cut for sequent system.

4. Show equivalence of arbitrary natural deductions and a sequent system with

cut.

5. Show equivalence of normal natural deduction system and cut-free sequent cal-

culus.

The subsequent three chapters will be occupied with executing this plan.

47

48

Chapter 3

Normal Deductions

A normal deduction is one in which no unnecesary paths are taken when proceeding

from hypotheses to conclusions– in other words, a derivation in which no formula is de-

rived and then later eliminated. The intuition behind this property is the same which

underlies the local reductions (and expansions) examined in the previous chapter: the

conservation of information by the introduction/elimination rule pairs. However, the

local reductions for each connective only cover introductions immediately followed by

eliminations. They are not directly applicable to situations where a formula, A, is

introduced and other formulas are eliminated (possibly modifying contexts) before

eliminating A.

As noted by Prawitz [55], normal deductions correspond very well to natural

human reasoning. Specifically, a normal derivation can be separated into two parts.

One part consists of breaking down the given hypotheses, using the elimination rules,

until all the parts needed to assemble the desired conclusion are obtained. The other

part consists of producing the conclusion using the introduction rules. A further

nice fact about normal derivations is that they enjoy the subformula property– every

formula in a derivation is a subformula of the conclusion, or of some hypothesis in

the last judgement. This property is absolutely necessary if there is to be any hope

of automating proof search, which we wish to do in order to have an ordered linear

logic programming language.

In this chapter, we present a refined system of natural deduction for ordered

linear logic which only admits normal deductions. This system is based on separating

normal deductions, characterized by bottom-up reasoning with introduction rules,

49

from atomic deductions, characterized by top-down reasoning with elimination rules.

These two can meet at any point with a coercion which allows us to view any atomic

deduction as normal.

3.1 Normal Deductions for Ordered Linear Logic

We characterize normal deductions with two judgements:

Γ; ∆; Ω ` A ↑ A has a normal derivation

Γ; ∆; Ω ` A ↓ A has an atomic derivation

The arrow indicates the direction of reasoning allowed.

Below are the judgements for the normal natural deduction system. To improve

readability, we leave hypothesis labels implicit and use generic names for the hypoth-

esis rules.

ihypΓLAΓR; ·; · ` A ↓

lhypΓ;A; · ` A ↓

ohypΓ; ·;A ` A ↓

Γ; ∆; Ω ` A ↓coercion

Γ; ∆; Ω ` A ↑

ΓA; ∆; Ω ` B ↑ →IΓ; ∆; Ω ` A→B ↑

Γ; ∆; Ω ` A→B ↓ Γ; ·; · ` A ↑→EΓ; ∆; Ω ` B ↓

Γ; ∆A; Ω ` B ↑−I

Γ; ∆; Ω ` A− B ↑Γ; ∆; Ω ` A−B ↓ Γ; ∆A; · ` A ↑

−EΓ; ∆ ./∆A; Ω ` B ↓

Γ; ∆;AΩ ` B ↑ IΓ; ∆; Ω ` AB ↑

Γ; ∆; Ω ` AB ↓ Γ; ∆A; ΩA ` A ↑EΓ; ∆ ./∆A; ΩAΩ ` B ↓

Γ; ∆; ΩA ` B ↑I

Γ; ∆; Ω ` AB ↑Γ; ∆; Ω ` AB ↓ Γ; ∆A; ΩA ` A ↑E

Γ; ∆ ./∆A; ΩΩA ` B ↓

Γ; ∆A; ΩL ` A ↑ Γ; ∆B; ΩR ` B ↑ •IΓ; ∆A ./∆B ; ΩLΩR ` A •B ↑

Γ; ∆; Ω ` A •B ↓ Γ; ∆C; ΩLABΩR ` C ↑ •EΓ; ∆ ./∆C ; ΩLΩΩR ` C ↑

Γ; ∆A; ΩR ` A ↑ Γ; ∆B; ΩL ` B ↑ IΓ; ∆A ./∆B ; ΩLΩR ` A B ↑

Γ; ∆; Ω ` A B ↓ Γ; ∆C; ΩLBAΩR ` C ↑ EΓ; ∆ ./∆C ; ΩLΩΩR ` C ↑

50

Γ; ∆; Ω ` A ↑ Γ; ∆; Ω ` B ↑&I

Γ; ∆; Ω ` A& B ↑Γ; ∆; Ω ` A& B ↓

&E1Γ; ∆; Ω ` A ↓

Γ; ∆; Ω ` A& B ↓&E2

Γ; ∆; Ω ` B ↓

Γ; ∆; Ω ` A ↑⊕I1

Γ; ∆; Ω ` A⊕B ↑Γ; ∆; Ω ` B ↑

⊕I2Γ; ∆; Ω ` A⊕ B ↑

Γ; ∆; Ω ` A⊕ B ↓ Γ; ∆C; ΩLAΩR ` C ↑ Γ; ∆C; ΩLBΩR ` C ↑ ⊕EΓ; ∆ ./∆C ; ΩLΩΩR ` C ↑

1IΓ; ·; · ` 1 ↑

Γ; ∆; Ω ` 1 ↓ Γ; ∆C; ΩLΩR ` C ↑1E

Γ; ∆ ./∆C; ΩLΩΩR ` C ↑

>IΓ; ∆; Ω ` > ↑

Γ; ∆; Ω ` 0 ↓0E

Γ; ∆ ./∆C ; ΩLΩΩR ` C ↑

Γ; ∆; Ω ` [a/x]A ↑∀aI

Γ; ∆; Ω ` ∀x. A ↑Γ; ∆; Ω ` ∀x. A ↓

∀EΓ; ∆; Ω ` [t/x]A ↓

Γ; ∆; Ω ` [t/x]A ↑∃I

Γ; ∆; Ω ` ∃x. A ↑Γ; ∆; Ω ` ∃x. A ↓ Γ; ∆C; ΩL[a/x]AΩR ` C ↑ ∃aE

Γ; ∆ ./∆C; ΩLΩΩR ` C ↑

Γ; ∆; · ` A ↑¡I

Γ; ∆; · ` ¡A ↑Γ; ∆; Ω ` ¡A ↓ Γ; ∆CA; ΩLΩR ` C ↑ ¡E

Γ; ∆ ./∆C; ΩLΩΩR ` C ↑

Γ; ·; · ` A ↑!I

Γ; ·; · ` !A ↑Γ; ∆; Ω ` !A ↓ ΓA; ∆C; ΩLΩR ` C ↑

!EΓ; ∆ ./∆C ; ΩLΩΩR ` C ↑

It is easy to see that this system only allows normal proofs. Since there is no

way to turn a normal (↑) derivation into an atomic (↓) one, it is indeed impossible to

introduce and then eliminate a formula.

51

3.2 Properties of Normal Deductions

We remark that this system enjoys structural properties analogous to the previous

system.

Lemma 3 (Normal Structural Properties) The following all hold:

1. ΓLAAΓR; ∆; Ω ` C ↑ implies ΓLAΓR; ∆; Ω ` C ↑.

2. ΓLΓR; ∆; Ω ` C ↑ implies ΓLAΓR; ∆; Ω ` C ↑.

3. ΓLABΓR; ∆; Ω ` C ↑ implies ΓLBAΓR; ∆; Ω ` C ↑.

4. Γ; ∆LAB∆R; Ω ` C ↑ implies Γ; ∆LBA∆R; Ω ` C ↑.

5. ΓLAAΓR; ∆; Ω ` C ↓ implies ΓLAΓR; ∆; Ω ` C ↓.

6. ΓLΓR; ∆; Ω ` C ↓ implies ΓLAΓR; ∆; Ω ` C ↓.

7. ΓLABΓR; ∆; Ω ` C ↓ implies ΓLBAΓR; ∆; Ω ` C ↓.

8. Γ; ∆LAB∆R; Ω ` C ↓ implies Γ; ∆LBA∆R; Ω ` C ↓.

Proof: By structural induction over the given derivation.

Furthermore we have the following substitution principles. Notice that only an

atomic derivation may be substituted for a hypothesis since the uses of assumptions

are considered atomic deductions (the ohyp, lhyp, and ihyp rules).

Lemma 4 (Normal Substitution) The following all hold:

1. ΓAAΓ; ∆; Ω ` C ↑ and ΓA; ·; · ` A ↓ implies ΓAΓ; ∆; Ω ` C ↑.

2. Γ; ∆LA∆R; Ω ` C ↑ and Γ; ∆A; · ` A ↓ implies Γ; (∆L ./∆A)∆R; Ω ` C ↑.

3. Γ; ∆; ΩLAΩR ` C ↑ and Γ; ∆A; ΩA ` A ↓ implies Γ; ∆ ./∆A; ΩLΩAΩR ` C ↑.

4. ΓAAΓ; ∆; Ω ` C ↓ and ΓA; ·; · ` A ↓ implies ΓAΓ; ∆; Ω ` C ↓.

52

5. Γ; ∆LA∆R; Ω ` C ↓ and Γ; ∆A; · ` A ↓ implies Γ; (∆L ./ ∆A)∆R; Ω ` C ↓.

6. Γ; ∆; ΩLAΩR ` C ↓ and Γ; ∆A; ΩA ` A ↓ implies Γ; ∆ ./∆A; ΩLΩAΩR ` C ↓.

Proof: By structural induction over the given derivation for C.

Since the structure of the rules in the normal system follows that of the previous

system, we can easily see that the normal system simply rules out some valid deduc-

tions of the previous system. Therefore we have the following soundness theorem.

Theorem 5 The following hold:

1. Γ; ∆; Ω ` A ↑ implies Γ; ∆; Ω ` A

2. Γ; ∆; Ω ` A ↓ implies Γ; ∆; Ω ` A

Proof: By simple structural induction. Coercions are simply eliminated.

The converse, that every provable proposition has a normal deduction, does indeed

hold and could be proved by a Kripke logical relations argument [19]. The proof for

a fragment of the system above is a minor modification of the proof of the existence

of canonical forms given in [51]. Instead, we will prove it indirectly by going through

a sequent calculus presentation of ordered linear logic, taking advantage of the cut

elimination theorem. This will also give further validation to our sequent system,

which we are interested in for its own sake, by showing that it exactly proves the

propositions which have natural deductions.

3.3 Directed Deductions

Before introducing the sequent system, we introduce a third natural deduction system

for ordered linear logic which is obviously equivalent to the original. This system is

based on the preceding normal system and has two judgements standing for normal

and atomic derivations. However, in order to recover arbitrary deductions, it also

allows an additional coercion from normal to atomic derivations. We write Γ; ∆; Ω `+

A ↑ and Γ; ∆; Ω `+ A ↓ which is defined by exactly the same rules as the normal and

atomic judgments above, plus the rule

53

Γ; ∆; Ω `+ A ↑lemma

Γ; ∆; Ω `+ A ↓


1. Γ; ∆; Ω `+ A ↑ iff Γ; ∆; Ω ` A

2. Γ; ∆; Ω `+ A ↓ iff Γ; ∆; Ω ` A

Proof: In each direction, by simple structural induction on the given derivation. In

the forward direction coercions are simply eliminated by the translation. In the back-

wards direction they are introduced if the last inference is not of the right kind. Note

that these translations do not form a bijection since redundant coercions collapse.

We also point out that Lemma 4 can be trivially extended to the directed deduction

system. In succeeding chapters, we will use Lemma 4 for both normal and directed

deductions.

54

Chapter 4

Sequent Calculus

While natural deduction systems provide an elegant formalization of intuitionistic

reasoning, they are not ideally suited for analyzing properties of proof search. The

main difficulty stems from the inability to directly manipulate hypotheses in a natural

deduction system. A formalism better suited for analyzing proof search is the sequent

calculus.

In a sequent calculus, the logical connectives are characterized by right rules and

left rules which, as we shall see, correspond to the introduction and elimination rules

of natural deduction. In addition we have initial sequents which play the role of

coercions in the normal natural deduction system. Furthermore, the sequent calculus

is usually formulated with an explicit rule for reasoning with lemmas, called cut,

which will correspond to the lemma rule in the directed natural deduction system

(the system introduced at the end of Chapter 3).

In the sequent calculus proof search proceeds in one direction, from conclusion

to hypotheses (bottom-up). This in contrast to a natural deduction system which

requires two separate phases of proof search, one driven by the hypotheses (using

elimination rules) and another analyzing the conclusion (using introduction rules).

Proof search can proceed in one direction from beginning to end because the sequent

calculus gives us, via the left rules, direct access to hypotheses. This also allows dual

connectives (e.g., & and ⊕) to have syntactically dual inference rules.

In this chapter we present a sequent calculus for ordered linear logic. This sequent

calculus is a conservative extension of both associative Lambek calculus [32] and the

sequent system for non-commutative intuitionistic linear logic given in [8]. We will

55

present a sequent system without an explicit cut rule. This system will correspond

exactly to normal natural deductions. We will then prove that cut is an admissible

rule in the system. This lets us form a sequent system with explicit cut rules which

will correspond to the directed natural deduction system described at the end of

Chapter 3.

4.1 Sequent Calculus for Ordered Linear Logic

Similar to natural deduction judgements, our sequents have the form:

Γ; ∆; Ω =⇒ A

where Γ,∆,Ω are lists of formulas, and A is a proposition. Again, Γ,∆,Ω are meant to

denote an intuitionistic, linear, and ordered context respectively. We sometimes refer

to the formulas on the left of the sequent arrow, the hypotheses, as the antecedent,

and to those on the right of the sequent arrow as the succedent. As their names

suggest, left rules will operate on formulas in the antecedent, while right rules will

operate on the succedent formula.

In the sequent setting, one may logically think of the three antecedent contexts

as one big context where the ordered hypotheses are in a fixed relative order while

the other linear and unrestricted propositions may “float”. The intuitionistic propo-

sitions may also be copied or ignored. Traditionally the basic structural properties

of the hypotheses– exchange, weakening, and cotraction– are explicitly formulated as

inference rules in the sequent calculus. However, in keeping with the style of our nat-

ural deduction system, we will build these structural properties into the formulation

of the left, right and init rules.

We start with initial sequents, which encode that all linear and ordered hypotheses

must be used, while those in Γ need not be used.

initΓ; ·;A =⇒ A

We have two explicit structural rules: place, which commits a linear hypothesis to

a particular place among the ordered hypotheses; and copy, which duplicates and

places an unrestricted hypothesis.

ΓLAΓR; ∆; ΩLAΩR =⇒ Bcopy

ΓLAΓR; ∆; ΩLΩR =⇒ B

Γ; ∆L∆R; ΩLAΩR =⇒ Bplace

Γ; ∆LA∆R; ΩLΩR =⇒ B

56

The following four rules describing the intuitionistic and linear implications trans-

late the standard sequent rules for intuitionistic linear logic into our setting. Note

the restrictions on the linear and ordered contexts in the two left rules which are

necessary to preserve linearity and order, respectively.

ΓA; ∆; Ω =⇒ B →RΓ; ∆; Ω =⇒ A→B

Γ; ∆; ΩLBΩR =⇒ C Γ; ·; · =⇒ A→LΓ; ∆; ΩL(A→B)ΩR =⇒ C

Γ; ∆A; Ω =⇒ B−R

Γ; ∆; Ω =⇒ A− BΓ; ∆B; ΩLBΩR =⇒ C Γ; ∆A; · =⇒ A

−LΓ; ∆B ./∆A; ΩL(A−B)ΩR =⇒ C

The right rule for ordered right implication A B adds A at the right end of

the ordered context. In order to allow an admissible cut rule, the left rule must then

take hypotheses immediately to the right of the right implication for deriving the

antecedent A. The remaining hypotheses are joined with B (in order) to derive C.

We must also be careful that each linear hypothesis comes from exactly one premise,

although their order does not matter (hence the merge operation ∆B ./ ∆A).

Γ; ∆; ΩA =⇒ BR

Γ; ∆; Ω =⇒ AB

Γ; ∆B; ΩLBΩR =⇒ C Γ; ∆A; ΩA =⇒ AL

Γ; ∆B ./∆A; ΩL(AB)ΩAΩR =⇒ C

The rules for left implication are symmetric.

Γ; ∆;AΩ =⇒ BR

Γ; ∆; Ω =⇒ AB

Γ; ∆B; ΩLBΩR =⇒ C Γ; ∆A; ΩA =⇒ AL

Γ; ∆B ./∆A; ΩLΩA(AB)ΩR =⇒ C

The rules for the remaining connectives do not introduce any new ideas and are

essentially the rules for a sequent presentation of intuitionistic linear logic extended

to include ordered contexts.

Γ; ∆A; ΩL =⇒ A Γ; ∆B; ΩR =⇒ B •RΓ; ∆A ./∆B ; ΩLΩR =⇒ A •B

Γ; ∆; ΩLABΩR =⇒ C •LΓ; ∆; ΩL(A •B)ΩR =⇒ C

Γ; ∆A; ΩR =⇒ A Γ; ∆B; ΩL =⇒ BR

Γ; ∆A ./∆B ; ΩLΩR =⇒ A BΓ; ∆; ΩLBAΩR =⇒ C

LΓ; ∆; ΩL(A B)ΩR =⇒ C

57

1RΓ; ·; · =⇒ 1

Γ; ∆; ΩLΩR =⇒ C1L

Γ; ∆; ΩL1ΩR =⇒ C

>RΓ; ∆; Ω =⇒ >

Γ; ∆; Ω =⇒ A Γ; ∆; Ω =⇒ B&R

Γ; ∆; Ω =⇒ A&B

Γ; ∆; ΩLAΩR =⇒ C&L1

Γ; ∆; ΩL(A& B)ΩR =⇒ C

Γ; ∆; ΩLBΩR =⇒ C&L2

Γ; ∆; ΩL(A&B)ΩR =⇒ C

Γ; ∆; Ω =⇒ A⊕R1

Γ; ∆; Ω =⇒ (A⊕ B)

Γ; ∆; Ω =⇒ B⊕R2

Γ; ∆; Ω =⇒ (A⊕ B)

Γ; ∆; ΩLAΩR =⇒ C Γ; ∆; ΩLBΩR =⇒ C⊕L

Γ; ∆; ΩL(A⊕ B)ΩR =⇒ C0L

Γ; ∆; ΩL0ΩR =⇒ C

Γ; ∆; Ω =⇒ A[a/x]∀aR

Γ; ∆; Ω =⇒ ∀x. AΓ; ∆; ΩL(A[t/x])ΩR =⇒ C

∀LΓ; ∆; ΩL(∀x. A)ΩR =⇒ C

Γ; ∆; Ω =⇒ [t/x]A∃R

Γ; ∆; Ω =⇒ ∃x. AΓ; ∆; ΩL(A[a/x])ΩR =⇒ C

∃aLΓ; ∆; ΩL(∃x. A)ΩR =⇒ C

Γ; ·; · =⇒ A!R

Γ; ·; ·=⇒ !A

ΓA; ∆; ΩLΩR =⇒ C!L

Γ; ∆; ΩL(!A)ΩR =⇒ C

Γ; ∆; · =⇒ A¡R

Γ; ∆; · =⇒ ¡A

Γ; ∆A; ΩLΩR =⇒ C¡L

Γ; ∆; ΩL(¡A)ΩR =⇒ C

As usual we require that a not appear free in the conclusions of the ∀aR and ∃aL rules.

It is clear that this system has the subformula property: only instances of subfor-

mulas of propositions present in the conclusion can appear in the derivation. Since

proof search based on this form of sequent calculus proceeds bottom-up, this is a

critical property. It is due, of course, to the absence of any explicit cut rule.

58

To give a feel for how the sequent system works, we show a sample derivation which

sketches how ordered linear logic can be used for natural language parsing. Suppose

Γ = [(npvp snt) (tvnp vp) (lovestv) (marynp) (bob np)] where all

the words and grammatical abbreviations1 are atomic formulas. We may think of the

formulas in Γ as a grammar for simple English sentences. For example, npvpsnt

specifies that a sentence is a verb phrase to the right of a noun phrase. The phrase

to be parsed with the grammar is in the ordered context. The succedent contains the

grammatical pattern with which we are trying to classify the input. Thus to parse

the sentence: mary loves bob, we would prove: Γ; ·; mary loves bob =⇒ snt.

Θ

Γ; ·; np tv np =⇒ sntinit

Γ; ·; bob =⇒ bobL

Γ; ·; np tv (bob np) bob =⇒ sntinit

Γ; ·; loves =⇒ lovesL

Γ; ·; np (loves tv) loves (bob np) bob =⇒ sntinit

Γ; ·; mary =⇒ maryL

Γ; ·; (mary np) mary (loves tv) loves (bob np) bob =⇒ sntcopy ∗ 3

Γ; ·; mary loves bob =⇒ snt

where Θ =

initΓ; ·; snt =⇒ snt

initΓ; ·; vp =⇒ vp

LΓ; ·; (vp snt) vp =⇒ snt

initΓ; ·; np =⇒ np

LΓ; ·; (np vp snt) np vp =⇒ snt

initΓ; ·; np =⇒ np

LΓ; ·; (np vp snt) np (np vp) np =⇒ snt

initΓ; ·; tv =⇒ tv

LΓ; ·; (np vp snt) np (tv np vp) tv np =⇒ snt

copy ∗ 2Γ; ·; np tv np =⇒ snt

Note that this is not the only way to derive the end-sequent. For instance, we could

have moved all instances of copy and place to the beginning of the derivation; or we

could have appliedL to the formulas in a different order.

4.2 Admissibility of Cut

We shall now validate our version of the sequent calculus by showing the admissibility

of cut in the system. Towards this end, we have the following lemma.

1snt = sentence, np = noun phrase, vp = verb phrase, tv = transitive verb

59

Lemma 7 (Weakening, Contraction, and Exchange) The following all hold:

1. ΓLΓR; ∆; Ω =⇒ C implies ΓLAΓR; ∆; Ω =⇒ C.

2. ΓLAAΓR; ∆; Ω =⇒ C implies ΓLAΓR; ∆; Ω =⇒ C.

3. ΓLABΓR; ∆; Ω =⇒ C implies ΓLBAΓR; ∆; Ω =⇒ C.

4. Γ; ∆LAB∆R; Ω =⇒ C implies Γ; ∆LBA∆R; Ω =⇒ C.

Proof: By structural induction on the given derivation. Note that the structure of

the derivation remains the same.

Our sequent system combines the ideas of a multi-zone presentation due to An-

dreoli [2] with implicit structural rules to permit a proof of the admissibility of cut

(and thus cut elimination) by structural induction as in [44].

Theorem 8 (Admissibility of Cut)

The following three statements hold:

CutΩ: Γ; ∆C; ΩC =⇒ C and Γ; ∆; ΩLCΩR =⇒ A implies Γ; ∆C./∆; ΩLΩCΩR =⇒ A.

Cut∆: Γ; ∆C ; · =⇒ C and Γ; ∆LC∆R; Ω =⇒ A implies Γ; (∆L ./∆C)∆R; Ω =⇒ A.

CutΓ: ΓL; ·; · =⇒ C and ΓLCΓR; ∆; Ω =⇒ A implies ΓLΓR; ∆; Ω =⇒ A.

Proof: By induction on the structure of the cut formula C, the type of cut where

CutΓ > Cut∆ > CutΩ, and the derivations of the premises. Therefore we may apply

the induction hypothesis in the following cases: 1) the cut formula gets smaller; 2) the

same cut formula but we move from CutΓ to Cut∆ or CutΩ; 3) the same cut formula

but we move from Cut∆ to CutΩ; 4) the cut formula and type of cut stay the same

but one of the derivations gets smaller.

There are 5 basic cases to consider: init cases where one of the premises is an

init rule, structural cases where the cut formula is the subject of a structural rule,

essential cases where the principal formula of both premises is cut, commutative cases

where the cut formula is a side formula on the first or second premise. Note that these

cases are not mutually exclusive.

We show some representative cases.

60

case 1: init cases.

case:init

Γ; ·;C =⇒ C and Γ; ∆; ΩLCΩR =⇒ A is trivial.

case: Γ; ∆; Ω =⇒ C andinit

Γ; ·;C =⇒ C is trivial.

case: ΓL; ·; · =⇒ C andinit

ΓLCΓR; ·;A =⇒ A theninit

ΓLΓR; ·;A =⇒ A

case 2: Structural cases.

case: ΓL; ·; · =⇒ C and

ΓLCΓR; ∆; ΩLCΩR =⇒ Acopy

ΓLCΓR; ∆; ΩLΩR =⇒ A

Then

ΓLΓR; ∆; ΩLCΩR =⇒ A ind. hyp.(CutΓ)

ΓLΓR; ·; · =⇒ C weakening

ΓLΓR; ∆; ΩLΩR =⇒ A ind. hyp.(CutΓ > CutΩ)

case 3: Essential cases.

case:

ΓC; ∆; Ω =⇒ B →R

Γ; ∆; Ω =⇒ C→B and

Γ; ∆A; ΩLBΩR =⇒ A Γ; ·; · =⇒ C→L

Γ; ∆A; ΩL(C→B)ΩR =⇒ A

ThenΓ; ∆; Ω =⇒ B ind. hyp.(CutΓ)

Γ; ∆A ./ ∆; ΩLΩΩR =⇒ A ind. hyp.(CutΩ)

case 4: Commutative cases where cut formula is not principal in first hypothesis (i.e.

end-sequent of first given derivation can’t end in a right rule).

case:

Γ; ∆B; ΩLBΩR =⇒ C Γ; ∆D; ΩD =⇒ DLΓ; ∆B ./∆D; ΩLΩD(D B)ΩR =⇒ C and Γ; ∆; ΩLCCΩRC =⇒ A

Then

Γ; ∆B ./ ∆; ΩLCΩLBΩRΩRC =⇒ A ind. hyp.

Γ; ∆B ./ ∆ ./ ∆D; ΩLCΩLΩD(DB)ΩRΩRC =⇒ A L

case:

ΓLDΓR ; ∆C; ΩLCDΩRC =⇒ Ccopy

ΓLDΓR; ∆C ; ΩLCΩRC =⇒ C and ΓLDΓR; ∆; ΩLCΩR =⇒ A

Then

ΓLDΓR; ∆C ./∆; ΩLΩLCDΩRCΩR =⇒ A ind. hyp.(CutΩ)

ΓLDΓR; ∆C ./∆; ΩLΩLCΩRCΩR =⇒ A copy

61

case 5: commutative cases where cut formula is not principal in end-sequent of sec-

ond given derivation.

case: Γ; ∆C; ΩC =⇒ C and

Γ; ∆;AΩLCΩR =⇒ B RΓ; ∆; ΩLCΩR =⇒ AB

ThenΓ; ∆C ./∆;AΩLΩCΩR =⇒ B ind. hyp.

Γ; ∆C ./∆; ΩLΩCΩR =⇒ AB R

case: Γ; ∆C; ΩC =⇒ C and

Γ; ∆B; ΩLLCΩLRBΩR =⇒ A Γ; ∆D; ΩD =⇒ DLΓ; ∆B ./∆D; ΩLLCΩLRΩD(DB)ΩR =⇒ A

Then

Γ; ∆C ./∆B; ΩLLΩCΩLRBΩR =⇒ A ind. hyp.

Γ; ∆C ./∆B ./ ∆D; ΩLLΩCΩLRΩD(DB)ΩR =⇒ A L

case: Γ; ∆C; · =⇒ C and

Γ; ∆LC∆R;AΩ =⇒ B RΓ; ∆LC∆R; Ω =⇒ AB

Then

Γ; ∆L ./ ∆C ./ ∆R;AΩ =⇒ B ind. hyp.

Γ; ∆L ./ ∆C ./ ∆R; Ω =⇒ A B R

case: Γ; ∆C; · =⇒ C and

Γ; ∆BLC∆BR; ΩLBΩR =⇒ A Γ; ∆D; ΩD =⇒ DLΓ; (∆BLC∆BR) ./ ∆D; ΩLΩD(DB)ΩR =⇒ A

Then

Γ; ∆C ./ (∆BL∆BR); ΩLBΩR =⇒ A ind. hyp.

Γ; ∆C ./ (∆BL∆BR) ./ ∆D; ΩLΩD(DB)ΩR =⇒ A L

4.3 Sequent Calculus With Cut

Theorem 8 lets us define a second sequent system with cut which is equivalent to the

previous system. We write Γ; ∆; Ω+

=⇒ A to denote a sequent derivation of A which

may contain all of the previous sequent rules in addition to the three types of cut:

Γ; ∆C ; ΩC+

=⇒ C Γ; ∆; ΩLCΩR+

=⇒ ACutΩ

Γ; ∆C ./ ∆; ΩLΩCΩR+

=⇒ A

62

ΓL; ·; · +=⇒ C ΓLCΓR; ∆; Ω

+=⇒ A

CutΓ

ΓLΓR; ∆; Ω+

=⇒ A

Γ; ∆C; · +=⇒ C Γ; ∆LC∆R; Ω

+=⇒ A

Cut∆

Γ; (∆L ./ ∆C)∆R; Ω+

=⇒ A

Then cut elimination follows directly.

Theorem 9 (Cut Elimination) If Γ; ∆; Ω+

=⇒ A then Γ; ∆; Ω =⇒ A.

Proof: By structural induction on the given derivation. In the case of a cut we

appeal to the induction hypothesis on both premises and then to admissibility of cut

on the resulting cut-free derivations.

63

64

Chapter 5

Normalization for Ordered Linear

Logic

At this point, we have introduced four1 different logical systems– two natural deduc-

tion systems and two sequent calculi. Additionally two of the systems are restricted

versions of their respective counterparts. We have been referring (at times tacitly) to

all the systems as presentations of ordered linear logic. It is now time to justify this

claim. In this chapter we will formally show the correspondences between the systems

of natural deduction and sequent calculus. Our methods extend [20] to cover ordered

linear logic. Figure 5.1 provides a map of the relationships between the systems.

We first show how the cut-free sequent system corresponds to the normal nat-

ural deduction system. We have already remarked that normal natural deductions

are those where the top-down use of elimination rules meets the bottom-up use of

introduction rules in the middle:yelimcoercionxintro

In a sequent system we reason entirely bottom up: the top-down uses of elimination

rules are turned around and become bottom-up uses of the left rules. The right rules

correspond directly to the introduction rules. They meet, not in the middle, but at

the initial sequents:initxleft =⇒

xright

1five if the directed natural deduction system, `+, is considered different from the original natural

deduction system

65

Directed ND SC w/ Cut

Γ; ∆; Ω ` A ≡ Γ; ∆; Ω `+ A ↑Thm 13=⇒⇐=

Thm 12

Γ; ∆; Ω+

=⇒ A

Normalization

yxinjection Cut elim.

yx injection

Γ; ∆; Ω ` A ↑Thm 11=⇒⇐=

Thm 10

Γ; ∆; Ω =⇒ A

normal ND cut-free SC

Figure 5.1: Correspondences

66

5.1 Normal Deductions and Cut-Free Sequents

We now formally state the soundness of cut-free sequents with respect to normal

natural deductions.

Theorem 10 Γ; ∆; Ω =⇒ A implies Γ; ∆; Ω ` A ↑

Proof: By structural induction on the given derivation. init rules are mapped to

instances of coercion; place and copy rules are mapped to instances of the sub-

stitution principles; right rules are mapped to introduction rules; and left rules are

mapped to elimination rules using the substitution principles when necessary. Note

that the resulting derivation is normal, despite the use of the substitution principles,

since we use it in the form of Lemma 4.


case:init

Γ; ·;A =⇒ A

ThenΓ; ·;A ` A ↓ ohyp

Γ; ·;A ` A ↑ coercion

case:

Γ; ∆L∆R; ΩLAΩR =⇒ Bplace

Γ; ∆LA∆R; ΩLΩR =⇒ B

ThenΓ; ∆L∆R; ΩLAΩR ` B ↑ ind. hyp.

Γ;A; · ` A ↓ lhyp

Γ; ∆LA∆R; ΩLΩR ` B ↑ lemma 4

case:

Γ; ∆; ΩA =⇒ B RΓ; ∆; Ω =⇒ AB

ThenΓ; ∆; ΩA ` B ↑ ind. hyp.

Γ; ∆; Ω ` AB I

67

case:

Γ; ∆; ΩLBΩR =⇒ C Γ; ∆A; ΩA =⇒ ALΓ; ∆ ./ ∆A; ΩL(AB)ΩAΩR =⇒ C

ThenΓ; ∆; ΩLBΩR ` C ↑ ind. hyp.

Γ; ∆A; ΩA ` A ↑ ind. hyp.

Γ; ·;AB ` AB ↓ ohyp

Γ; ∆A; (AB)ΩA ` B ↓ E

Γ; ∆ ./ ∆A; ΩL(AB)ΩAΩR ` C ↑ lemma 4

In the opposite direction we first need to generalize the induction hypothesis to

make the proper statement about the atomic deduction—otherwise our induction

would break down at the first coercion.


1. Γ; ∆; Ω ` A ↑ implies Γ; ∆; Ω =⇒ A

2. Γ; ∆; Ω ` A ↓ and Γ; ∆C ; ΩLAΩR =⇒ C implies Γ; ∆C ./∆; ΩLΩΩR =⇒ C.

Proof: By structural induction on the given derivations. Instances of coercion

translate to uses of the init rule from the result of the induction hypothesis. In-

troduction rules are mapped to right rules. Elimination rules are mapped to sequent

derivations constructed from the corresponding left rule and the result of an appeal

to the induction hypothesis.


case:ohyp

Γ; ·;A ` A ↓

Γ; ∆C ; ΩLAΩR =⇒ C assumption

case:lhyp

Γ;A; · ` A ↓Then

Γ; ∆C; ΩLAΩR =⇒ C assumption

Γ; ∆CLA∆CR; ΩLΩR =⇒ C place

where ∆C = ∆CL∆CR

68

case:

Γ; ∆; Ω ` AB ↓ Γ; ∆A; ΩA ` A ↑EΓ; ∆ ./ ∆A; ΩΩA ` B ↓

Then

Γ; ∆C ; ΩLBΩR =⇒ C assumption

Γ; ∆A; ΩA =⇒ A ind. hyp.

Γ; ∆A ./∆C; ΩL(AB)ΩAΩR =⇒ C L

Γ; ∆ ./ ∆A ./∆C ; ΩLΩΩAΩR =⇒ C ind. hyp.

case:

Γ; ∆; Ω ` A ↓coercion

Γ; ∆; Ω ` A ↑Then

Γ; ·;A =⇒ A init

Γ; ∆; Ω =⇒ A ind. hyp.

case:

Γ; ∆; ΩA ` B ↑ IΓ; ∆; Ω ` AB ↑

ThenΓ; ∆; ΩA =⇒ B ind. hyp.

Γ; ∆; Ω =⇒ AB R

We remark that the mapping just shown takes init sequents to coercion rules.

This gives further credence to our intuition on the relation between normal deductions

and cut-free proofs. The coercion rule represents the end of a normal proof from an

operational viewpoint just as the init sequents represent the end of a sequent proof.

The proofs above are constructive and inherently contain a method for translation

between sequent derivations in ordered linear logic and natural deductions. Although

the correspondence is very close, it is not a bijection, because the order in which left

rules are applied in a sequent derivation may be irrelevant to the resulting natural

deduction. If one wants to establish a bijection, one has to further restrict the sequent

rules. This has been investigated by Herbelin [25] for intuitionistic logic.

69

5.2 Directed Deductions and Sequents with Cut

We now show that this correspondence extends to directed natural deductions (using

the `+ judgements) and sequents with explicit cut rules (using the+

=⇒ sequents).

Specifically, coercing a normal derivation into an atomic derivation will correspond

to using cut in the sequent calculus.

Theorem 12 Γ; ∆; Ω+

=⇒ A implies Γ; ∆; Ω `+ A ↑

Proof: By induction on structure of the given derivation. The proof is exactly the

same as the proof of theorem 10 with three additional cases. The cut rules are

translated into a lemma rule followed by an appeal to the substitution principles.

We show the new cases.

case:

Γ; ∆A; ΩA+

=⇒ A Γ; ∆; ΩLAΩR+

=⇒ CCutΩ

Γ; ∆ ./ ∆A; ΩLΩAΩR+

=⇒ C

ThenΓ; ∆; ΩLAΩR `+ C ↑ ind. hyp.

Γ; ∆A; ΩA `+ A ↑ ind. hyp.

Γ; ∆A; ΩA `+ A ↓ rule lemma

Γ; ∆ ./ ∆A; ΩLΩAΩR `+ C ↑ lemma 4

case:

Γ; ∆A; · +=⇒ A Γ; ∆LA∆R; Ω

+=⇒ C

Cut∆

Γ; ∆L ./∆A ./∆A; Ω+

=⇒ C

ThenΓ; ∆LA∆R; Ω `+ C ↑ ind. hyp.

Γ; ∆A; · `+ A ↑ ind. hyp.

Γ; ∆A; · `+ A ↓ rule lemma

Γ; ∆L ./ ∆A ./∆R; Ω `+ C ↑ lemma 4

70

case:

Γ; ·; · +=⇒ A ΓLAΓR; ∆; Ω

+=⇒ C

CutΓ

ΓLΓΓR; ∆; Ω+

=⇒ C

ThenΓLAΓR; ∆; Ω `+ C ↑ ind. hyp.

ΓLΓAΓR; ∆; Ω `+ C ↑ lemma 3

Γ; ·; · `+ A ↑ ind. hyp.

Γ; ·; · `+ A ↓ rule lemma

ΓLΓ; ·; · `+ A ↓ lemma 3

ΓLΓΓR; ∆; Ω `+ C ↑ lemma 4


1. Γ; ∆; Ω `+ A ↑ implies Γ; ∆; Ω+

=⇒ A

2. Γ; ∆; Ω `+ A ↓ and Γ; ∆C ; ΩLAΩR+

=⇒ C implies Γ; ∆C ./∆; ΩLΩΩR+

=⇒ C

Proof: By induction on structure of the given derivations. The proof is exactly the

same as the proof of theorem 11 with one additional case: from the lemma coercion

we construct a use of the CutΩ rule.

case:

Γ; ∆; Ω `+ A ↑lemma

Γ; ∆; Ω `+ A ↓Then

Γ; ∆C; ΩLAΩR+

=⇒ C assumption

Γ; ∆; Ω+

=⇒ A ind. hyp.

Γ; ∆ ./∆C; ΩLΩΩR+

=⇒ C CutΩ

5.3 Normalization

The previous observations give a syntactic proof of normalization of the natural de-

duction system.

Theorem 14 (Normalization) Γ; ∆; Ω ` A iff Γ; ∆; Ω ` A ↑.

71

Proof: Given Γ; ∆; Ω ` A, we know Γ; ∆; Ω `+ A ↑ from Theorem 6. Then Γ; ∆; Ω+

=⇒ A

from Theorem 13. Then Γ; ∆; Ω =⇒ A from Theorem 9 (Cut Elimination). Then

Γ; ∆; Ω ` A ↑ from Theorem 10. The other direction is the contents of Theorem 5.

This concludes the basic development of ordered linear logic. We have constructed

the logic from the basic notion of a hypothetical judgement and an analysis of the

structural properties of hypotheses. We exhibited a natural deduction system for the

logic and argued that the system is coherent by proving a normalization result. We

also presented a sequent calculus for the logic, corresponding to the natural deduction

system, and a cut-elimination result.

72

Part II


Programming

73

Chapter 6

Uniform Derivations

We now turn our attention to proof search in ordered linear logic (OLL). All of the

analysis in this chapter will use the sequent calculus of Chapter 4 which is better

suited, by allowing direct manipulation of hypotheses, to examining proof search

than the natural deduction system.

Our analysis aims at achieving a logic programming language, where we view

computation as the bottom-up construction of a derivation. The difficulty with the

sequent system, as given, is that in any situation many left or right rules can be ap-

plied, leading to unacceptable non-determinism. To solve this problem, we design an

alternative, more restricted system with the following properties (which are enforced

syntactically):

• Derivations are goal-directed in that a derivation of a sequent with a non-atomic

goal1 always ends in a right rule. This allows us to view logical connectives in

goals as search instructions.

• Derivations are focussed in that when deriving a sequent with an atomic goal

we single out a particular hypothesis and apply a sequence of left rules until it

is also atomic and immediately implies the goal. This allows us to view atomic

goals as procedure calls.

In a minor departure from [37] we call derivations which are both goal-directed and

focussed uniform.

1We refer to the succedent of a given sequent as the goal.

75

This chapter identifies the uniform fragment of ordered linear logic, the fragment

of the logic for which uniform proofs are complete, and proves that this fragment

may be thought of as an abstract logic programming language [37], i.e., goal-directed

and focussed proof search is complete for the fragment. In subsequent chapters we

will further analyse the uniform fragment to obtain a concrete logic programming

language. Furthermore, the uniform fragment is of additional interest since it exactly

corresponds to the canonical fragment of an ordered lambda calculus which serves as

the basis for a logical framework2.

6.1 Uniform Fragment

In this section we identify the goal-directed fragment of ordered linear logic. As

one can write a focussing derivation system for the entire logic3, goal-directedness

characterizes the uniform fragment. Clearly the entire logic is not goal-directed,

consider the sequent

·; ·;A •B −→ A •B

whose derivation is either an init rule (which is not goal-directed since the goal is

non-atomic) or requires applying the •L rule below the •R rule.

As it turns out, the uniform fragment of OLL is:

Uniform Formulas A ::= P atomic propositions

| A→B unrestricted implication

| A−B linear implication

| AB ordered right implication

| A B ordered left implication

| A&B additive conjunction

| > additive unit

| ∀x. A universal quantifier

which is the uniform fragment of linear logic extended with ordered implications.

That no other connectives are goal-directed may be seen from examining derivations

of the form ·; ·;C −→ C similarly to the previous example.

We now formally state and prove the goal-directedness property.

2see chapters 12 and 133The techniques in [3] for full linear logic are easily extended to OLL.

76

Lemma 15 (Goal-Directedness) The following all hold:

1. Γ; ∆; Ω =⇒ A→B implies ΓA; ∆; Ω =⇒ B

2. Γ; ∆; Ω =⇒ A−B implies Γ; ∆A; Ω =⇒ B

3. Γ; ∆; Ω =⇒ AB implies Γ; ∆; ΩA =⇒ B

4. Γ; ∆; Ω =⇒ AB implies Γ; ∆;AΩ =⇒ B

5. Γ; ∆; Ω =⇒ A&B implies Γ; ∆; Ω =⇒ A and Γ; ∆; Ω =⇒ B

6. Γ; ∆; Ω =⇒ ∀x. A implies Γ; ∆; Ω =⇒ A[a/x] where a is fresh.

Proof: By using Theorem 8 (admissibility of the cut rules) we can use the given

derivation to directly construct the result. We show a representative case.

case:

DΓ; ∆; Ω =⇒ AB

Then

DΓ; ∆; Ω =⇒ AB

initΓ; ·;A =⇒ A

initΓ; ·;B =⇒ B

LΓ; ·; (AB)A =⇒ B

CutΩΓ; ∆; ΩA =⇒ B

6.2 Uniform Derivation System

Uniform derivations may now be conceived as a focussing system for the uniform

fragment which forces right rules to appear below left rules along the major branch

of a proof.

We formalize our system with two judgements:

Γ; ∆; Ω −→ A goal A is uniformly derivable

Γ; ∆; (ΩL; ΩR) −→ A P hypothesis A immediately entails atomic goal P

77

where Γ, ∆ and Ω are unrestricted, linear, and ordered hypotheses, respectively. In

the latter judgment the ordered hypotheses are syntactically divided into a left part

ΩL and a right part ΩR. It corresponds to the sequent

Γ; ∆; (ΩLAΩR) =⇒ P

so that the split in the ordered context tracks the location of the hypothesis we have

focused on. This correspondence is stated formally in the soundness and completeness

theorems for uniform derivations below.

All of the right rules are exactly the same as in the sequent calculus. Since no left

rules apply when the goal is non-atomic, the derivation is completely determined by

the structure of the goal, as desired.

ΓA; ∆; Ω −→ B →R

Γ; ∆; Ω −→ A→B

Γ; ∆A; Ω −→ B−R

Γ; ∆; Ω −→ A −B

Γ; ∆; ΩA −→ BR

Γ; ∆; Ω −→ AB

Γ; ∆;AΩ −→ BR

Γ; ∆; Ω −→ AB

Γ; ∆; Ω −→ A Γ; ∆; Ω −→ B&R

Γ; ∆; Ω −→ A& B>R

Γ; ∆; Ω −→ >

Γ; ∆; Ω −→ A[a/x]∀aR

Γ; ∆; Ω −→ ∀x. A

When the goal has become atomic, we need to single out a hypothesis and deter-

mine if it immediately entails the goal. This is achieved by the three choice rules

which apply to unrestricted, linear, or ordered hypotheses.

ΓLAΓR; ∆; (ΩL; ΩR) −→ A PchoiceΓ

ΓLAΓR; ∆; ΩLΩR −→ P

Γ; ∆L∆R; (ΩL; ΩR) −→ A Pchoice∆

Γ; ∆LA∆R; ΩLΩR −→ P

Γ; ∆; (ΩL; ΩR) −→ A PchoiceΩ

Γ; ∆; ΩLAΩR −→ P

choiceΓ is justified by copy in the sequent calculus, and choice∆ by place.

The premise and conclusion of choiceΩ correspond to identical sequents. An initial

sequent corresponds to an immediate entailment between identical atomic formulas.

initΓ; ·; (·; ·) −→ P P

78

The remaining left rules for immediate entailment directly correspond to the left

sequent rules, keeping in mind that we have to consider the focussing formula as being

between the left and right parts of the ordered context.

Γ; ∆; (ΩL; ΩR) −→ B P Γ; ·; · −→ A→L

Γ; ∆; (ΩL; ΩR) −→ A→B P

Γ; ∆B; (ΩL; ΩR) −→ B P Γ; ∆A; · −→ A−L

Γ; ∆A ./∆B; (ΩL; ΩR) −→ A −B P

Γ; ∆B; (ΩL; ΩR) −→ B P Γ; ∆A; ΩA −→ AL

Γ; ∆A ./∆B; (ΩL; ΩAΩR) −→ AB P

Γ; ∆B; (ΩL; ΩR) −→ B P Γ; ∆A; ΩA −→ AL

Γ; ∆A ./∆B ; (ΩLΩA; ΩR) −→ AB P

Γ; ∆; (ΩL; ΩR) −→ A P&L1

Γ; ∆; (ΩL; ΩR) −→ A &B P

Γ; ∆; (ΩL; ΩR) −→ B P&L2

Γ; ∆; (ΩL; ΩR) −→ A& B P

Γ; ∆; (ΩL; ΩR) −→ A[t/x] P∀L

Γ; ∆; (ΩL; ΩR) −→ ∀x. A P

In the uniform system, we rewrite our sample parsing proof from Chapter 4 as

follows:

Γ = [(np vp snt) (tv np vp) (loves tv) (mary np) (bob np)]

initΓ; ·; (·; ·)−→ snt snt

Θ

Γ; ·; loves bob −→ vpL

Γ; ·; (·; loves bob) −→ (vp snt) snt

Θmary

Γ; ·; mary −→ npL

Γ; ·; (·; mary loves bob) −→ np vp snt sntchoiceΓ

Γ; ·; mary loves bob −→ snt

79

where Θ =

initΓ; ·; (·; ·)−→ vp vp

Θbob

Γ; ·; bob −→ npL

Γ; ·; (·; bob) −→ np vp vp

Θloves

Γ; ·; loves −→ tvL

Γ; ·; (·; loves bob) −→ tv np vp vpchoiceΓ

Γ; ·; loves bob −→ vp

where Θbob =

initΓ; ·; (·; ·)−→ np np

initΓ; ·; (·; ·)−→ bob bob

choiceΩΓ; ·; bob−→ bob

LΓ; ·; (·; bob) −→ bob np np

choiceΓΓ; ·; bob −→ np

and Θmary,Θloves are similar.

Unlike the example given in Chapter 4, this is the only proof of the end-sequent.

The first choice is forced since np vp snt is the only formula in Γ whose head,

snt, matches the goal. The same is true for all the other choices made.

We now show that uniform derivations are sound and complete with respect to

the sequent calculus. The soundness result is easy to show.

Theorem 16 (Soundness of Uniform Derivations)

1. If Γ; ∆; Ω −→ A then Γ; ∆; Ω =⇒ A.

2. If Γ; ∆; (ΩL; ΩR) −→ A P then Γ; ∆; ΩLAΩR =⇒ P .

Proof: By mutual structural induction on the derivations of the given judgements

using the correspondences mentioned throughout this section.

The completeness result is harder, but largely follows techniques of [3] and [37],

adapted to the ordered case. The main difficulty arises from the mismatch between

the left rules of the uniform system and the original sequent system. Therefore we will

need to show how to construct a uniform derivation whose premises and conclusion

80

match those of the sequent system’s left rules. To be concrete, suppose we have

derivations of

Γ; ∆; ΩLBΩR −→ C and Γ; ∆A; ΩA −→ A

then we need to show that we can construct a derivation of

Γ; ∆ ./ ∆A; ΩL(AB)ΩAΩR −→ C

in order to show completeness of the uniform derivation system.

We will have to form so called “inversion” principles for each connective in the

uniform system. The proofs for these inversion principles are non-trivial. Lemma 17,

and its proof, presents a detailed proof of the inversion principle for . Lemma 18

then states all of the necessary inversion principles, each of which may be proven

similarly to Lemma 17.

Lemma 17

1. Γ; ∆; ΩLBΩR −→ C and Γ; ∆A; ΩA −→ A

implies Γ; ∆ ./ ∆A; ΩLΩA(A B)ΩR −→ P .

2. Γ; ∆; (ΩLLBΩLR; ΩR) −→ C P and Γ; ∆A; ΩA −→ A

implies Γ; ∆ ./ ∆A; (ΩLLΩA(A B)ΩLR; ΩR) −→ C P .

3. Γ; ∆; (ΩL; ΩRLBΩRR) −→ C P and Γ; ∆A; ΩA −→ A

implies Γ; ∆ ./ ∆A; (ΩL; ΩRLΩA(AB)ΩRR) −→ C P .

Proof: By mutual induction on the structure of the given derivations.

Assume Γ; ∆A; ΩA −→ A.

part 1:

Cases when C is atomic (i.e. C = P ).

Assume

Π

Γ; ∆; ΩLBΩR −→ P . Then there are 7 possibilities for Π:

case 1: Π ends with choiceΩ and Γ; ∆; (ΩL; ΩR) −→ B P

Then

Γ; ∆ ./ ∆A; (ΩLΩA; ΩR) −→ AB P L

Γ; ∆ ./ ∆A; ΩLΩA(AB)ΩR −→ P choiceΩ

81

case 2: Π ends with choiceΩ and Γ; ∆; (ΩLL; ΩLRBΩR) −→ C P

where ΩL = ΩLLCΩLR.

Then

Γ; ∆ ./ ∆A; (ΩLL; ΩLRΩA(AB)ΩR) −→ C P ind. hyp.

Γ; ∆ ./ ∆A; ΩLLCΩLRΩA(A B)ΩR −→ P choiceΩ

case 3: Π ends with choiceΩ and Γ; ∆; (ΩLBΩRL; ΩRR) −→ C P

where ΩR = ΩRLCΩRR.

Then

Γ; ∆ ./ ∆A; (ΩLΩA(A B)ΩRL; ΩRR) −→ C P ind. hyp.

ΩLΩA(AB)ΩRLCΩRR −→ P choiceΩ

cases 4,5,6,7 : Π ends with choice∆ (2 cases) or choiceΓ (2 cases).

Similar to previous two cases.

Cases when C is non-atomic.

case:

Γ; ∆; ΩLBΩRC1 −→ C2 RΓ; ∆; ΩLBΩR −→ C1 C2

Then

Γ; ∆ ./ ∆A; ΩLΩA(A B)ΩRC1 −→ C2 ind. hyp.

Γ; ∆ ./ ∆A; ΩLΩA(A B)ΩR −→ C1 C2 R

cases for other connectives are similar.

part 2: Assume Γ; ∆; (ΩLLBΩLR; ΩR) −→ C P . Note that C cannot be atomic

since the ordered context is not empty.

case: C = C1C2 and ∆ = ∆2 ./ ∆1 and ΩLR = ΩLRLΩLRR and

Γ; ∆2; (ΩLLBΩLRL; ΩR) −→ C2 P and Γ; ∆1; ΩLRR −→ C1.

Then

Γ; ∆1 ./ ∆A; (ΩLLΩA(A B)ΩLRL; ΩR) −→ C2 P ind. hyp.

Γ; ∆ ./ ∆A; (ΩLLΩA(A B)ΩLRLΩLRR; ΩR) −→ C1C2 P L

case: C = C1C2 and ∆ = ∆2 ./ ∆1 and ΩLL = ΩLLLΩLLR and

Γ; ∆2; (ΩLLL; ΩR) −→ C2 P and Γ; ∆1; ΩLLRBΩLR −→ C1.

Then

82

Γ; ∆1 ./ ∆A; ΩLLRΩA(A B)ΩLR −→ C1 ind. hyp.

Γ; ∆ ./ ∆A; (ΩLLLΩLLRΩA(AB)ΩLR; ΩR) −→ C1 C2 P L

case: C = C1 C2 and ∆ = ∆2 ./ ∆1 and ΩR = ΩRLΩRR and

Γ; ∆2; (ΩLLBΩLR; ΩRR) −→ C2 P and Γ; ∆1; ΩRL −→ C1.

Then

Γ; ∆2 ./ ∆A; (ΩLLΩA(A B)ΩLR; ΩRR) −→ C2 P ind. hyp.

Γ; ∆ ./ ∆A; (ΩLLΩA(AB)ΩLR; ΩRLΩRR) −→ C1 C2 P L

cases: C = C1 − C2, C = C1→ C2, C = C1 & C2, C = ∀x. C ′

Similar to previous cases.

part 3: Assume Γ; ∆; (ΩL; ΩRLBΩRR) −→ C P .

Then can be proven with reasoning symmetric to part 2.

We now state all the inversion principles needed to prove completeness.

Lemma 18 (Inversion) The following all hold:

1. Γ; ∆; ΩLBΩR −→ C and Γ; ∆A; ΩA −→ A implies

Γ; ∆ ./ ∆A; ΩLΩA(A B)ΩR −→ C.

2. Γ; ∆; ΩLBΩR −→ C and Γ; ∆A; ΩA −→ A implies

Γ; ∆ ./ ∆A; ΩLΩA(AB)ΩR −→ C.

3. Γ; ∆; ΩLBΩR −→ C and Γ; ∆A; · −→ A implies

Γ; ∆ ./ ∆A; ΩL(A−B)ΩR −→ C.

4. Γ; ∆; ΩLBΩR −→ C and Γ; ·; · −→ A implies

Γ; ∆; ΩL(A→B)ΩR −→ C.

5. Γ; ∆; ΩLAΩR −→ C implies Γ; ∆; ΩL(A&B)ΩR −→ C

6. Γ; ∆; ΩLBΩR −→ C implies Γ; ∆; ΩL(A&B)ΩR −→ C

83

7. Γ; ∆; ΩLA[t/x]ΩR −→ C implies Γ; ∆; ΩL(∀x. A)ΩR −→ C

8. Γ; ∆L∆R; ΩLAΩR −→ C implies Γ; ∆LA∆R; ΩLΩR −→ C.

9. ΓLAΓR; ∆LA∆R; Ω −→ C implies ΓLAΓR; ∆L∆R; Ω −→ C.

Proof: Part 1 is immediate from the previous lemma. The other parts are similarly

proved.

We may now easily prove the completeness result.

Theorem 19 (Completeness of Uniform Derivations) :

Γ; ∆; Ω =⇒ A implies Γ; ∆; Ω −→ A.

Proof: By induction on the structure of the given derivation:

case:init

Γ; ·;P =⇒ P Then

initΓ; ·; (·; ·) −→ P P

choiceΩΓ; ·;P −→ P

case:

Γ; ∆;AΩ =⇒ B RΓ; ∆; Ω =⇒ AB

ThenΓ; ∆;AΩ −→ B ind. hyp.

Γ; ∆; Ω −→ A B R

cases: R,−R,→R, &R, ∀R all similar to previous case.

case:

Γ; ∆B; ΩLBΩR =⇒ C Γ; ∆A; ΩA =⇒ ALΓ; ∆B ./∆A; ΩLΩA(AB)ΩR =⇒ C

Then

Γ; ∆B ; ΩLBΩR −→ C and Γ; ∆A; ΩA −→ A ind. hyp.

Γ; ∆B ./∆A; ΩLΩA(AB)ΩR −→ C lemma 18

cases: L,−L,→L,&Li,∀L,copy,place all similar to previous case.

84

We have now shown that ordered linear logic qualifies as an abstract logic pro-

gramming language in the sense of [37]. However, directly coding up the uniform

derivation system will result in hopelessly slow code due to the non-determinism still

present in the inference rules. Even though the derivation system is goal-directed,

many unspecified choices will be encountered during a bottom-up proof search.

A major source of non-determinism involves choosing which formula to focus on,

and occurs in rules: choicex, and &Lx. It is impossible to completely eliminate this

type of non-determinism (at least while staying within the bounds of logic program-

ming). Most of the remaining non-determinism can be effectively removed from the

system using standard techniques from logic programming. We can fix an order for

proving each premise of of a multi-premise rule. We can remove existential choices,

the need to pick a term in the ∀L rule, by introducing logic variables and unification.

After taking the above measures, the only non-determinism yet to consider comes

from the need to split4 the linear and ordered contexts, and occurs in rules: choiceΓ,

choice∆,L,L, and −L. The non-determinism of theL,L and −L rules can

be handled with a non-trivial extension of the input-ouput model used by Lolli and

LLF for linear logic; Chapter 8 provides the details. However, the non-deterministic

context splits in the choiceΓ and choice∆ rules are not amenable to the same

treatment. Therefore, we first explain, in Chapter 7, how to transform this non-

determinism into a form which can be treated with the techniques of Chapter 8.

4Remember we are considering bottom-up proof search.

85

86

Chapter 7

Residuation

As mentioned in the previous chapter, the non-deterministic context splits in the

choiceΓ and choice∆ rules is different than that in the L,L and −L rules. The

former rules simply pick an arbitrary point at which the ordered context is to be

split; while the latter rules actually divide the ordered (and linear) context between

two premises. Note that the former context splitting arises from the need to fix the

position of a non-ordered hypothesis in the ordered context.

It turns out that the sub-goals of a non-ordered formula place constraints upon

where the formula must be located in the ordered context. Consider the following

derivable sequent:

·;ABC;BA −→ C

The requires that A be to the right of A B C; similarly B must be to its

left. Thus a derivation of this sequent requires ABC to be placed in between

the A and B in the ordered context. Using these observations, we may constrain the

position of a non-ordered focus formula while solving its subgoals.

This chapter shows exactly how this process works. We first expand the formula

language to allow restricted occurrences of the non-uniform connectives which main-

tain goal-directedness. We then use this expanded formula language to remove the

non-deterministic context splits in the choiceΓ and choice∆ rules.

87

7.1 Extended Uniform Derivations

As mentioned in section 6.1, the connectives outside the uniform fragment are not

goal-directed. However, we can allow restricted occurrences of non-uniform connec-

tives, without compromising uniformity. Specifically, we can separate formulas into

goal formulas, which may appear on the right of a sequent (i.e., positively), and

clause formulas which may appear to the left of a sequent (i.e., negatively). It turns

out that allowing positive occurrences, and forbidding negative occurences, of non-

uniform connectives does not affect goal-directedness.

Clause Formulas D ::= P atomic propositions

| G→D unrestricted implication

| G−D linear implication

| GD ordered right implication

| GD ordered left implication

| D1 &D2 additive conjunction

| > additive unit

| ∀x. D universal quantifier

Goal Formulas G ::= P atomic propositions

| D→G unrestricted implication

| !G unrestricted modality

| D −G unrestricted implication

| ¡G linear modality

| DG ordered right implication

| DG ordered left implication

| G1 •G2 right multiplicative conjuction

| G1 G2 left multiplicative conjuction

| 1 multiplicative unit

| G1 &G2 additive conjunction

| > additive unit

| G1 ⊕G2 multiplicative disjunction

| 0 multiplicative falsehood

| ∀x. G universal quantifier

| ∃x. G existential quantifier

88

For the rest of this chapter, and the subsequent ones dealing with logic program-

ming, we shall take care to maintain the distinction between clause formulas, G, and

goal formulas, D. We now explicitly show the complete extended uniform derivation

rules.

We have two types of mutually dependent sequents to capture uniform (i.e. fo-

cussing and goal-directed) derivations:

Γ; ∆; Ω −→ G uniform derivability

Γ; ∆; (ΩL; ΩR) −→ D P immediate entailment

where Γ,∆,Ω,ΩL, and ΩR are lists of clause formulas.

Here are the inference rules for extended uniform derivations:

1RΓ; ·; · −→ 1

Γ; ·; · −→ G!R

Γ; ·; · −→ !G

Γ; ∆; · −→ G¡R

Γ; ∆; · −→ ¡G

ΓD; ∆; Ω −→ G →RΓ; ∆; Ω −→ D→G

Γ; ∆D; Ω −→ G−R

Γ; ∆; Ω −→ D − G

Γ; ∆; ΩD −→ GR

Γ; ∆; Ω −→ DG

Γ; ∆;DΩ −→ GR

Γ; ∆; Ω −→ DG

Γ; ∆1; Ω1 −→ G1 Γ; ∆2; Ω2 −→ G2 •RΓ; ∆1 ./∆2; Ω1Ω2 −→ G1 •G2

Γ; ∆1; Ω1 −→ G1 Γ; ∆2; Ω2 −→ G2 RΓ; ∆1 ./∆2; Ω2Ω1 −→ G1 G2

Γ; ∆; Ω −→ G1 ⊕R1Γ; ∆; Ω −→ G1 ⊕G2

Γ; ∆; Ω −→ G2 ⊕R2Γ; ∆; Ω −→ G1 ⊕G2 no 0R rule

Γ; ∆; Ω −→ G1 Γ; ∆; Ω −→ G2&R

Γ; ∆; Ω −→ G1 &G2

>RΓ; ∆; Ω −→ >

Γ; ∆; Ω −→ G[g/x]∀aR

Γ; ∆; Ω −→ ∀x. G(a not free in conclusion)

Γ; ∆; Ω −→ G[t/x]∃R

Γ; ∆; Ω −→ ∃x. G

89

ΓLDΓR; ∆; (ΩL; ΩR) −→ D PchoiceΓ

ΓLDΓR; ∆; ΩLΩR −→ P

Γ; ∆L∆R; (ΩL; ΩR) −→ D Pchoice∆

Γ; ∆LD∆R; ΩLΩR −→ P

Γ; ∆; (ΩL; ΩR) −→ D PchoiceΩ

Γ; ∆; ΩLDΩR −→ P

initΓ; ·; (·; ·) −→ P P

Γ; ∆; (ΩL; ΩR) −→ D1 P&L1

Γ; ∆; (ΩL; ΩR) −→ D1 &D2 P

Γ; ∆; (ΩL; ΩR) −→ D2 P&L1

Γ; ∆; (ΩL; ΩR) −→ D1 &D2 P

Γ; ∆; (ΩL; ΩR) −→ D[t/x] P∀L

Γ; ∆; (ΩL; ΩR) −→ ∀x. D P

Γ; ∆; (ΩL; ΩR) −→ D P Γ; ·; · −→ G→L

Γ; ∆; (ΩL; ΩR) −→ G→D P

Γ; ∆; (ΩL; ΩR) −→ D P Γ; ∆G; · −→ G−L

Γ; ∆ ./∆G; (ΩL; ΩR) −→ G−D P

Γ; ∆; (ΩL; ΩR) −→ D P Γ; ∆G; ΩG −→ GL

Γ; ∆ ./∆G; (ΩL; ΩGΩR) −→ GD P

Γ; ∆; (ΩL; ΩR) −→ D P Γ; ∆G; ΩG −→ GL

Γ; ∆ ./∆G; (ΩLΩG; ΩR) −→ GD P

We can now state the correctness of this system.

Theorem 20 (Soundness of Extended Uniform Derivations)

1. Γ; ∆; Ω −→ G implies Γ; ∆; Ω =⇒ G.

90

2. Γ; ∆; (ΩL; ΩR) −→ G P implies Γ; ∆; ΩLGΩR =⇒ P .

where only clause formulas occur in each context.

Proof: By mutual structural induction on the derivations of the given judgements.

Theorem 21 (Completeness of Uniform Derivations)

Γ; ∆; Ω =⇒ G implies Γ; ∆; Ω −→ G

where only clause formulas occur in each context.

Proof: We may use the proof of theorem 19. We need only add cases for the non-

uniform connectives; each of which is simply an appeal to the induction hypothesis

since non-uniform connectives only appear positively.

From this point forward, we will assume that all contexts only contain clause

formulas.

7.2 Residuation of Mobile Hypotheses

Recall from chapter 6 our interpretation of goals as search instructions. Following

this lead, we may interpret clause formulas as compound search instructions, since

all of the subgoals must be solved in order to successfully use a hypothesis. To better

illustrate, consider:

·;P1 P2 P ;P2P1 −→ P

whose derivation is:

init·; ·; (·; ·) −→ P P

...

·; ·;P2 −→ P2L

·; ·; (P2; ·) −→ P2 P P

...

·; ·;P1 −→ P1L

·; ·; (P2;P1) −→ P1 P2 P Pchoice∆·;P1 P2 P ;P2P1 −→ P

Both P1 and P2 must be derived in order to successfully use P1 P2 P . Further

more, we know, from the and that the ordered hypotheses used to prove P2

91

must be to the left of those used to solve P1. But this is exactly what the connective

requires. Thus we could think about changing the above derivation into something

like the following:

...

·; ·;P2 −→ P2

...

·; ·;P1 −→ P1R

·; ·;P2P1 −→ P1 P2choice′∆·;P1 P2 P ;P2P1 −→ P

where we have transformed the two subgoals, P1 and P2, into a new compound sub-

goal, P1 P2. We call this sort of transformation residuation.

It turns out that mobile hypotheses, hypotheses in the unrestricted and linear

contexts, can be residuated (logically compiled) into goal formulas (with some minor

extensions) following the general development in [9]. This observation will allow us to

focus on unrestricted formulas without having to split the ordered context. Rather,

the splitting will be delayed and taken care of by the multiplicative conjunction rules,

which can be handled similarly to the L, L, and −L rules as explained in chap-

ter 8.

First we extend goal formulas with an atomic equality:

Goal Formulas G ::= . . . | P1.= P2 Equality

then add a new inference rule:.=R

Γ; ·; · r−→ P.= P

We need only add a right rule for this new connective since it is a goal formula.

We now present a residuation derivation system, which is sound and complete wrt

uniform derivations, in which the ordered context need not be split when focusing on

an unrestricted formula. This derivation system will consist of two types of sequent

Γ; ∆; Ωr−→ G

Γ; ∆; (ΩL; ΩR)r−→ D P

which exactly match their uniform counterparts, except as noted below, plus the new

judgement

G′;D P \ G

92

which shall be used to residuate clause formulas into goal formulas. In this new judge-

ment, G′, D, and P are considered input and G is considered the output; specifically,

G′ is an accumulating result (goal formula), D is the formula being residuated, P is

the atom which must match the head1 of D, and G is the resulting goal formula.

We use the following inference rules for the new judgements:

G;P ′ P \ (P ′.= P ) •G G;> P \ 0

G′;D1 P \ G1 G′;D2 P \ G2

G′;D1 &D2 P \ G1 ⊕G2

(!G1) •G′;D P \ GG′;G1→D P \ G

(¡G1) •G′;D P \ GG′;G1 −D P \ G

G1 G′;D P \ GG′;G1D P \ G

G1 •G′;D P \ GG′;G1D P \ G

Note that these inference rules will not fail when the input/output conventions

mentioned above are respected; thus every clause formula can be successfully residu-

ated.

Lemma 22

For every D,G′,P there exists a unique, non-atomic G such that G′;D P \ G

The example from the beginning of this section, P1 P2 P , can now be resid-

uated as follows:

P2 • (P1 1);P P \ (P.= P ) • (P2 • (P1 1))

P1 1;P2 P P \ (P.= P ) • (P2 • (P1 1))

1;P1 P2 P P \ (P.= P ) • (P2 • (P1 1))

where we use 1 to initialize the accumulated result.

We will remove the non-determinism from choiceΓ and choice∆ by replacing them

with the following rules:

1;D P \ G ΓLDΓR; ∆; Ωr−→ G

choiceRΓ

ΓLDΓR; ∆; Ωr−→ P

1Head in the sense of Prolog or λProlog.

93

1;D P \ G Γ; ∆L∆R; Ωr−→ G

choiceR∆

Γ; ∆LD∆R; Ωr−→ P

All of the other inference rules remained unchanged from Section 7.1.

We now prove the following theorems which justifies such a change.

Theorem 23 (Soundness of Residuation)

1. Γ; ∆; Ωr−→ G implies Γ; ∆; Ω −→ G.

2. Γ; ∆; (ΩL; ΩR)r−→ D P implies Γ; ∆; (ΩL; ΩR) −→ D P .

3. G′;D P \ G and Γ; ∆; Ωr−→ G implies

there exists ∆′, ∆D, ΩL, Ω′, and ΩR such that

Ω = ΩLΩ′ΩR and ∆ = ∆D ./∆′ and

Γ; ∆′; Ω′r−→ G′ and Γ; ∆D; (ΩL; ΩR) −→ D P .

Proof:

Parts 1 and 2: by structural induction on the given residuation derivation.

We show a representative case.

case:

1;D P \ G Γ; ∆L∆R; Ωr−→ G

choiceR∆


Γ; ∆L∆R; (ΩL; ΩR) −→ D P and Γ; ∆′; Ω′r−→ 1

where Ω = ΩLΩ′ΩR and ∆ = ∆L∆R ./ ∆′ ind. hyp. (Pt. 3)

∆′ = · = Ω′ inversion

Γ; ∆LD∆R; ΩLΩR −→ P choiceΩ

Part 3: by structural induction on given residual derivation using inversion on the

residuation derivation rules for multiplicative conjunctions. Note that G cannot be

atomic. We give a representative case for part 3.

94

case:

G1 G′;D P \ GG′;G1D P \ G and Γ; ∆; Ω

r−→ G

ΩLΩ′ΩR = Ω and ∆ = ∆D ./ ∆′ and

Γ; ∆′; Ω′ −→ G1 G′ and Γ; ∆D; (ΩL; ΩR) −→ D P ind. hyp.

Ω′ = Ω′2Ω′1 and ∆′ = ∆′1 ./∆′2 and

Γ; ∆′1; Ω′1r−→ G1 and Γ; ∆′2; Ω′2

r−→ G′ inversion on RΓ; ∆D ./∆′1; (ΩL; Ω′1ΩR) −→ G1D P by rule L

Theorem 24 (Completeness of Residuation)

1. Γ; ∆; Ω −→ G implies Γ; ∆; Ωr−→ G.

2. Γ; ∆; (ΩL; ΩR) −→ D P implies Γ; ∆; (ΩL; ΩR)r−→ D P .

3. Γ; ∆; (ΩL; ΩR) −→ D P and G′;D P \ G and Γ; ∆′; Ωr−→ G′

implies Γ; ∆ ./∆′; ΩLΩΩRr−→ G.

Proof: Structural induction on given uniform derivation. We give a representative

case for part 1, and for part 3.

case (for Part 1):

Γ; ∆L∆R; (ΩL; ΩR) −→ D Pchoice∆

Γ; ∆LD∆R; ΩLΩR −→ P

Γ; ·; · r−→ 1 rule 1R

1;D P \ G Lemma 22

Γ; ∆L∆R; ΩLΩRr−→ G ind. hyp. (Pt. 3)

Γ; ∆LD∆R; ΩLΩRr−→ P choiceRΩ

case (for Part 3):

Γ; ∆; (ΩL; ΩR) −→ D P Γ; ∆G; Ω1 −→ G1LΓ; ∆ ./ ∆G; (ΩL; Ω1ΩR) −→ G1D P

95

G′;G1D P \ G and Γ; ∆′; Ωr−→ G′ assumptions

G1 G′;D P \ G inversion

Γ; ∆G; Ω1r−→ G1 ind. hyp. (Pt. 1)

Γ; ∆G ./∆′; ΩΩ1r−→ G1 G′ by rule R

Γ; ∆ ./ ∆G ./ ∆′; ΩLΩΩ1ΩRr−→ G ind. hyp. (Pt. 3)

Note that only mobile formulas can be residuated into goal formulas. The fact

that these formulas can be placed anywhere in the ordered context is crucial for the

correctness of the residuation transformation. There seems to be no way to logically

compile ordered clause formulas into goal formulas because it would require recording

the location of the clause formula in the resulting goal formula.

96

Chapter 8

Lazy Context Splitting

We now deal with the non-deterministic context splitting required of the L, L,

−L, •R, and R rules. For linear logic, it is well known that this non-determinism

can be removed by using an input/output resource management system [27]. This

approach, which “lazily” splits contexts by passing all formulas, or resources, to one

premise and then giving the left-overs to the other premise, operationally requires

fixing an order for proving the premises of an inference rule.

More general constraint based approaches, which do not require a fixed order for

proving premises, are also possible for linear logic [22, 4]. It seems quite likely that

similar constraint based systems can be developed for ordered linear logic. However

these approaches, while of interest for general theorem proving, are not necessarily

suited for a logic programming interpreter whose operational semantics must have a

strong computational interpretation. Since we are presently aiming at developing a

logic programming system, we will not pursue general constraint-based approaches to

ordered resource management in this thesis.

As shown in [49] the input/output (IO) model can be extended to ordered linear

logic. In this chapter, we present those results applied to the residuation derivation

system of chapter 7.

8.1 An Ordered IO System

Linear hypotheses can be treated as in the so-called IO system of Hodas and Miller [27].

The rules •R, R, −L, L, and L propagate all linear hypotheses to the first

97

premise which returns the list of unused hypotheses when it has been solved success-

fully. These are then passed on to the second premise. The hypotheses used in neither

premise are then returned as unused in the conclusion.

This model of deterministic resource consumption is intuitively attractive and

easy to reason about for the programmer, but its extension to the ordered context is

complicated by the need to preserve the order of the hypotheses:

·; ·;P2P1(P1 P2 P ) −→ P

is a derivable sequent while

·; ·;P1P2(P1 P2 P ) −→ P

is not. For the main judgement of uniform derivability, adding input and output

contexts is straightforward.

Γ; ∆I\∆O; ΩI\ΩO −→ G

During the search, the input contexts Γ, ∆I, and ΩI and the goal G are given, while

the output contexts ∆O and ΩO are returned. In the interest of economy (both for the

presentation of the rules and the implementation) we do not actually delete formulas

from ∆I and ΩI but replace them with a placeholder .

The right rules for the ordered resource management judgement are constructed by

expanding the contexts from the uniform derivation system into pairs of input/output

contexts. Thus the R rule is just:

Γ ; ∆I\∆O ; ΩID\ΩO −→ GR

Γ ; ∆I\∆O ; ΩI\ΩO −→ DG

We require the in the output context to ensure the hypothesis has actually been

used. The other right rules (excluding those for • and ), as well as the choiceΓ and

choice∆ rules, are constructed similarly. Section 8.2 contains the complete resource

management system for ordered linear logic. Note that this lazy splitting of resources

actually introduces non-determinism, the construction of linear and ordered output

contexts, into the >R rule.

Next we come to the choiceΩ rule, that is, we choose to focus on an ordered

assumption. This determines the division of the remaining ordered hypotheses. We

98

therefore divide the input contexts and join the output contexts at the chosen as-

sumption. The new judgement reads

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D P

where ΩLI and ΩRI are the parts to the left and right of the focussed formula D,

and ΩLO and ΩRO are the corresponding output contexts. The choiceΩ rule for this

system then looks as follows:

Γ ; ∆I\∆O ; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D PchoiceΩ

Γ ; ∆I\∆O ; ΩLIDΩRI\ΩLOΩRO −→ P

Replacing D from the input context with in the output context indicates that D

was consumed.

The init rule does not consume any resources except for the focus formula. There-

fore all input resources are passed on.

initΓ; ∆\∆; (ΩL\ΩL; ΩR\ΩR) −→ P P

This effectively states that the linear and ordered contexts of the initial sequent should

be empty.

The →L, −L, &L, and ∀L rules for this judgement introduce no new ideas.

We now consider the left rule for right implication. We are trying to derive a

judgement of the form

Γ ; ∆I\? ; (ΩLI\? ; ΩRI\?) −→ GD P

where the output contexts denoted by ? have yet to be computed. The linear out-

put context can be threaded through each of the premises without further analysis.

However for the ordered output contexts, we need to do a bit more work. Because

GD is a right implication situated between ΩLI and ΩRI , the derivation of G must

consume some initial segment of ΩRI . Before that, we need to see if D immediately

entails P (the left premise of the L rule)1 which we obtain from

Γ ; ∆I\∆M ; (ΩLI\ΩLO ; ΩRI\Ω) −→ D P

Then we need to take the unconsumed parts at the left end of Ω, denoted by ΩGI ,

and allow them as the ordered input context for the solution to G.

Γ ; ∆M\∆O ; ΩGI\ΩGO −→ G

1In Prolog terminology: we need to unify the clause head with P before solving any subgoals.

99

Now we can fill the holes in the conclusion with ΩLO and ΩGOΩRO, respectively. In

summary, the rule reads

Γ; ∆I\∆M ; (ΩLI\ΩLO ; ΩRI\ΩGIΩRO) −→ D P Γ; ∆M\∆O; ΩGI\ΩGO −→ GL1

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩGOΩRO) −→ GD P

where ΩGI is the longest leftmost segment of ΩGIΩRO not containing , and ΩRO

the remainder. We will denote this with the following notation:

6∈ ΩGI and ΩRO = or ·

Note that ΩRO = or · really stands for ∃Ω. ΩRO = Ω or ΩRO = ·. We will use

the symmetric notation, ΩLO = or · to form the L and •R rules.

Further note that the context split appearing in the L rule, ΩGIΩRO, is deter-

ministic.

In order to demonstrate the intended operational use of the input/output system,

we now walk through a short example derivation (where we elide the always empty

unrestricted and linear contexts); figure 8.1 contains the complete formal derivation

(still with elided contexts). Consider trying to prove the closed formula:

(P1 P2 P ) P1 P2 P

Since we want a self-contained proof, we begin with the sequent:

·\· −→ (P1 P2 P ) P1 P2 P

where we specify that the ordered output context is empty. After three uses of the

R rule we arrive at the following situation:

(P1 P2 P )P1P2\? −→ P

where we have not yet computed the ordered output context. We must now choose a

formula to focus on. Of course we will choose the only one which works:

·\· ; P1P2\? −→ P1 P2 P P

We now start applying L rules. We will always try the major premise first and put

the minor premise on a stack of things to do. Thus we arrive at the sequent:

·\· ; P1P2\P1P2 −→ P P

100

init· \· ; P1P2\P1P2 −→ P P

initP1\P1 ; ·\· −→ P2 P2

choiceΩP1P2\P1 −→ P2L

· \· ; P1P2\P1 −→ P2 P P

init· \· ; ·\· −→ P1 P1

choiceΩP1\ −→ P1L

· \· ; P1P2\ −→ P1 P2 P PchoiceΩ

(P1 P2 P )P1P2\ −→ PR

(P1 P2 P )P1\ −→ P2 PR

(P1 P2 P )\ −→ P1 P2 PR

· \· −→ (P1 P2 P ) P1 P2 P

Figure 8.1: Sample derivation

Because this sequent is initial, we know that the input and output ordered contexts

are equal. We can now move on to the proof of P2:

P1P2\? −→ P2

We will prove this by focussing on P2. After a choiceΩ rule, we get to the initial

sequent:

P1\P1 ; ·\· −→ P2 P2

We know then, from the form of the choiceΩ rule that the output context for the

proof of P2, the immediately preceding ?, is P1. We may now move on to proving

P1. Note that the input context for the proof of P1 will only consist of P1:

P1\? −→ P1

We will focus on P1, which will give us an initial sequent. Then, coming out of the

choiceΩ rule, we will be able to compute that the output context above is just .

At this point, we have no presmises left to prove, however we are not done. We must

continue back “down” the proof tree, filling in output contexts and checking to make

sure the conditions on the output contexts required by the R rules are met.

The right rule for • is handled similarly. The left rule for and the right rule

for are symmetrically fashioned.

101

8.2 Resource Management System for OLL

We now present the complete resource management system (RMS) for ordered linear

logic. We have two types of sequent for our RMS derivations

Γ; ∆I\∆O; ΩI\ΩO −→ G

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D P

corresponding to the two types of sequents in the previous sections. are the output

contexts. The unrestricted and ordered input contexts, Γ, ΩI , ΩLI , and ΩRI , are lists

of clauses which do not contain placeholders, . The linear input context, ∆I, is a

list which may contain both formulas and . Likewise, all of the output contexts,

∆O, ΩO, ΩLO, and ΩRO, may contain both formulas and .

We define the following “superset” relation on input/output contexts, where we

use Ψ to stand for any kind of context (unrestricted, linear, or ordered):

· w ·Ψ w Ψ′

ΨD w Ψ′D

Ψ w Ψ′

ΨD w Ψ′Ψ w Ψ′

Ψ w Ψ′

It will be an invariant of our derivation rules that input contexts will always be

supersets of their associated output contexts, i.e., anytime ΨI\ΨO appears in a valid

derivation, ΨI w ΨO holds.

We use the notation ‖Ψ‖ to denote the length of list Ψ. Note that Ψ w Ψ′ implies

that ‖Ψ‖ = ‖Ψ′‖.

Here are the RMS derivation rules:

.=R

Γ; ∆\∆; Ω\Ω −→ P.= P

1RΓ; ∆\∆; Ω\Ω −→ 1

Γ; ·\·; ·\· −→ G!R

Γ; ∆\∆; Ω\Ω −→ !G

Γ; ∆I\∆O; ·\· −→ G¡R

Γ; ∆I\∆O; Ω\Ω −→ ¡G

ΓD; ∆I\∆O; ΩI\ΩO −→ G→R

Γ; ∆I\∆O; ΩI\ΩO −→ D→G

Γ; ∆ID\∆O; ΩI\ΩO −→ G−R

Γ; ∆I\∆O; ΩI\ΩO −→ D −G

Γ; ∆I\∆O; ΩID\ΩO −→ GR

Γ; ∆I\∆O; ΩI\ΩO −→ DG

Γ; ∆I\∆O;DΩI\ΩO −→ GR

Γ; ∆I\∆O; ΩI\ΩO −→ DG

102

Γ; ∆I\∆M ; ΩI\ΩLΩ2 −→ G1 Γ; ∆M\∆O; Ω2\ΩR −→ G2 •RΓ; ∆I\∆O; ΩI\ΩLΩR −→ G1 •G2

( 6∈ Ω2 and (ΩL = or ·))

Γ; ∆I\∆M ; ΩI\Ω2ΩR −→ G1 Γ; ∆M\∆O; Ω2\ΩL −→ G2 RΓ; ∆I\∆O; ΩI\ΩLΩR −→ G1 G2

( 6∈ Ω2 and (ΩR = or ·))

ΩI w ΩO and ∆I w ∆O >RΓ; ∆I\∆O; ΩI\ΩO −→ >

Γ; ∆I\∆O; ΩI\ΩO −→ G1 Γ; ∆I\∆O; ΩI\ΩO −→ G2&R

Γ; ∆I\∆O; ΩI\ΩO −→ G1 &G2

Γ; ∆I\∆O; ΩI\ΩO −→ G1 ⊕R1Γ; ∆I\∆O; ΩI\ΩO −→ G1 ⊕G2

Γ; ∆I\∆O; ΩI\ΩO −→ G2 ⊕R2Γ; ∆I\∆O; ΩI\ΩO −→ G1 ⊕G2

Γ; ∆I\∆O; ΩI\ΩO −→ G[a/x]∀aR

Γ; ∆I\∆O; ΩI\ΩO −→ ∀x. G(a not free in conclusion)

Γ; ∆I\∆O; ΩI\ΩO −→ G[t/x]∃R

Γ; ∆I\∆O; ΩI\ΩO −→ ∃x. G

1;D P \ G ΓLDΓR; ∆I\∆O; ΩI\ΩO −→ GchoiceΓ

ΓLDΓR; ∆I\∆O; ΩI\ΩO −→ P

1;D P \ G Γ; ∆LI∆RI\∆O; ΩI\ΩO −→ Gchoice∆

Γ; ∆LID∆RI\∆O; ΩI\ΩO −→ P

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D PchoiceΩ

Γ; ∆I\∆O; ΩLIDΩRI\ΩLOΩRO −→ P

initΓ; ∆\∆; (ΩL\ΩL ; ΩR\ΩR) −→ P P

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D1 P&L1

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D1 &D2 P

103

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D2 P&L2

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D1 &D2 P

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D[t/x] P∀L

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ ∀x. D P

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D P Γ; ·\·; ·\· −→ G→L

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ G→D P

Γ; ∆I\∆M ; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D P Γ; ∆M\∆O; ·\· −→ G−L

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ G−D P

Γ; ∆I\∆M ; (ΩLI\ΩLO ; ΩRI\ΩGIΩRO) −→ D P Γ; ∆M\∆O; ΩGI\ΩGO −→ GL


( 6∈ ΩGI and (ΩRO = or ·))

Γ; ∆I\∆M ; (ΩLI\ΩLOΩGI ; ΩRI\ΩRO) −→ D P Γ; ∆M\∆O; ΩGI\ΩGO −→ GL

Γ; ∆I\∆O; (ΩLI\ΩLOΩGO ; ΩRI\ΩRO) −→ GD P

( 6∈ ΩGI and (ΩLO = or ·))

Note that the choice∆ rule only allows an actual formula, and not a , to be

focussed upon.

The RMS system satisfies the following basic properties which we shall rely upon

to prove its correctness.

Lemma 25

1. Γ; ∆I\∆O; ΩI\ΩO −→ G implies ΩI w ΩO and ∆I w ∆O.

2. Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D P implies

ΩLI w ΩLO and ΩLI w ΩLO and ∆I w ∆O.

104

3. Γ; ∆I\∆O; ΩILΩIR\ΩOLΩOR −→ G and 6∈ Ω,∆ and ΩIL w ΩOL

implies Γ; ∆I ./ ∆\∆O ./∆; ΩILΩΩIR\ΩOLΩΩOR −→ G.

4. Γ; ∆I\∆O; (ΩLILΩLIR\ΩLOLΩLOR ; ΩRI\ΩRO) −→ D P

and 6∈ Ω and ΩLIL w ΩLOL implies

Γ; ∆I\∆O; (ΩLILΩΩLIR\ΩLOLΩΩLOR ; ΩRI\ΩRO) −→ D P .

5. Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRILΩRIR\ΩROLΩROR) −→ D P

and 6∈ Ω and ΩRIL w ΩROL implies

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRILΩΩRIR\ΩROLΩΩROR) −→ D P .

Proof: By structural induction on given derivation.

8.3 Correctness of RMS

In order to prove that RMS derivations are sound and complete with respect to resid-

uation derivations, we define the difference of an input context, and output context,

ΨI −ΨO, as follows:

· − · = ·ΨID −ΨOD = (ΨI −ΨO)

ΨI−ΨO = (ΨI −ΨO)

ΨID −ΨO = (ΨI −ΨO)D

where input patterns not covered are undefined. Thus ‖ΨI‖ 6= ‖ΨO‖ implies ΨI −ΨO is undefined. Also note that ΨI w ΨO implies ΨI − ΨO is defined; and

conversely, ΨI −ΨO is defined implies ΨI w ΨO.

We begin by showing soundness.

Theorem 26 (Soundess of RMS)

1. Γ; ∆I\∆O; ΩI\ΩO −→ G implies Γ; ∆I −∆O; ΩI − ΩOr−→ G.

2. Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D P implies

Γ; ∆I −∆O; (ΩLI − ΩLO; ΩRI − ΩRO)r−→ D P .

105

Proof: By structural induction on given RMS derivation. We give representative

cases.

case:init

Γ; ∆\∆; (ΩL\ΩL ; ΩR\ΩR) −→ P P

Then

Γ; ·; (·; ·) r−→ P P init

case:

1;D P \ G Γ; ∆IL∆IR\∆O; ΩI\ΩO −→ Gchoice∆

Γ; ∆ILD∆IR\∆O; ΩI\ΩO −→ P

Then

Γ; ∆IL∆IR −∆O; ΩI − ΩOr−→ G ind. hyp.

∆O = ∆OL∆OR where ∆IL w ∆OL ∆IL∆IR w ∆O

∆IL∆IR −∆O = (∆IL −∆OL)(∆IR −∆OR)

Γ; (∆IL −∆OL)D(∆IR −∆OR); ΩI −ΩOr−→ P choice∆

Note (∆IL −∆OL)D(∆IR −∆OR) = ∆ILD∆IR −∆OL∆OR

case:

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D PchoiceΩ

Γ; ∆I\∆O; ΩLIDΩRI\ΩLOΩRO −→ P

Then

Γ; ∆I −∆O; (ΩLI − ΩLO; ΩRI − ΩRO)r−→ D P ind. hyp.

Γ; ∆I −∆O; (ΩLI − ΩLO)D(ΩRI − ΩRO)r−→ P choiceΩ

Note (ΩLI − ΩLO)D(ΩRI −ΩRO) = ΩLIDΩRI − ΩLOΩRO

case:

Γ; ∆I\∆M ; (ΩLI\ΩLO ; ΩRI\ΩGIΩRO) −→ D P Γ; ∆M\∆O; ΩGI\ΩGO −→ GL


( 6∈ ΩGI and (ΩRO = or ·))Then

ΩRI = ΩGIΩRR lemma 25

ΩRI − ΩGIΩRO = ΩRR − ΩRO 6∈ ΩGI and defn. of -

ΩRI − ΩGOΩRO = (ΩGI −ΩGO)(ΩRR − ΩRO) defn. of -

106

Γ; ∆M −∆O; ΩGI −ΩGOr−→ G ind. hyp.

Γ; ∆I −∆M ; (ΩLI − ΩLO; ΩRR − ΩRO)r−→ D P ind. hyp.

Note: (∆I −∆M ) ./ (∆M −∆O) = ∆I −∆O

Γ; ∆I −∆O; (ΩLI −ΩLO; (ΩGI − ΩGO)(ΩRR − ΩRO))r−→ GD P L

We immediately get the following corollary:

Corollary 27

1. Γ; ·\·; ·\· −→ G implies Γ; ·; · r−→ G.

2. Γ; ·\·; (·\· ; ·\·) −→ G P implies Γ; ·; (·; ·) r−→ G P .

We now move on to showing completeness.

Theorem 28 (Completeness of RMS)

1. Γ; ∆I −∆O; ΩI − ΩOr−→ G and 6∈ ΩI

implies Γ; ∆I\∆O; ΩI\ΩO −→ G.

2. Γ; ∆I −∆O; (ΩLI − ΩLO; ΩRI − ΩRO)r−→ D P

and 6∈ ΩLI and 6∈ ΩRI implies

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D P .

Proof: By structural induction on given residuation derivation. We give representa-

tive cases.

case:init

Γ; ·; (·; ·) r−→ P P

Then

∆I −∆O = · and ΩLI −ΩLO = · and ΩLI − ΩLO = · assumptions

∆I = ∆O and ΩLI = ΩLO and ΩRI = ΩRO defn. of -

Γ; ∆I\∆I ; (ΩLI\ΩLI ; ΩRI\ΩRI) −→ P P init

107

case:

1;D P \ G Γ; ∆L∆R; Ωr−→ G

choice∆


Then

∆I −∆O = ∆LD∆R and ΩI −ΩO = Ω assumptions

∆I = ∆ILD∆IR and ∆O = ∆OL∆OR and ∆IL −∆OL = ∆L

∆IL∆IR −∆OL∆OR = ∆L∆R

Γ; ∆IL∆IR\∆O; ΩI\ΩO −→ G ind. hyp.

Γ; ∆ILD∆IR\∆O; ΩI\ΩO −→ P choice∆

case:

Γ; ∆; (ΩL; ΩR)r−→ D P

choiceΩ

Γ; ∆; ΩLDΩRr−→ P

Then

∆I −∆O = ∆ and ΩI − ΩO = ΩLDΩR assumptions

ΩI = ΩILDΩIR and ΩO = ΩOLΩOR

where ΩIL − ΩOL = ΩL and ΩIR − ΩOR = ΩR defn. of -

Γ; ∆I\∆O; (ΩIL\ΩOL ; ΩIR\ΩOR) −→ D P ind. hyp.

Γ; ∆I\∆O; ΩILDΩIR\ΩOLΩOR −→ P choiceΩ

case:

Γ; ∆; (ΩL; ΩR)r−→ D P Γ; ∆G; ΩG

r−→ GL

Γ; ∆ ./∆G; (ΩL; ΩGΩR)r−→ GD P

Then

Let ∆I −∆O = ∆ ./ ∆G and 6∈ ΩLI and 6∈ ΩRI

and ΩLI − ΩLO = ΩL and ΩRI − Ω′RO = ΩGΩR assumptions

Let ∆M be a context s.t. ∆I −∆M = ∆ and ∆M −∆O = ∆G

Let ΩGIΩRR = ΩRI and ΩGOΩRO = Ω′RO where

ΩGI − ΩGO = ΩG and ΩRR − ΩRO = ΩR and (ΩRO = or ·)Γ; ∆I\∆M ; (ΩLI\ΩLO ; ΩRI\ΩGIΩRO) −→ D P ind. hyp.

Γ; ∆M\∆O; ΩGI\ΩGO −→ G ind. hyp.

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩGOΩRO) −→ GD P by rule L

108

The RMS derivation succeeds in removing all non-deterministic context-splits.

However, this comes at the cost of introducing non-determinism into the >R rule.

This new non-determinism must also be eradicated in order to have a feasible basis

for a logic programming language.

109

110

Chapter 9

Lazy Erasure

As noted in Chapter 8, we removed the non-deterministic context splits at the expense

of making the >R rule highly non-deterministic. A similar situation occurs in the

development of Lolli [26] and is simply dealt with by adding a binary flag to each

sequent denoting whether, or not, a > capable of consuming the linear hypotheses

occurs in the derivation; if such a > does occur, then linearity can be relaxed. In

that system the >R rule does nothing except set this flag. Thus we may think of >consuming, or erasing, formulas in a lazy fashion just as the RMS system of Chapter 8

lazily splits contexts.

Unfortunately, such a simple solution is not possible for ordered linear logic. The

fact that ordered contexts are split apart and later recombined prevents a solution

with a single binary flag– consider that the immediate entailment sequents maintain

two separate ordered context input/output pairs. However, there is a way to extend

the idea of a > flag which allows us to remove the non-determinism from the >R rule.

This chapter explains how we accomplish that task.

9.1 Making > Deterministic

In this section we remove the non-determinism from the >R rule by making it lazy–

it will simply pass on its input context– and adding some new information to the

sequents to keep track of which parts of the ordered context could have been consumed

by a >.

Rather than use a single >-flag, we will use a list, τ , containing both 0 and 1

111

which serves as an abstraction of the output context. The 0s in τ will correspond

to the s in Ω. The 1s in τ will corresponds to regions of Ω which could have been

consumed by a >. For example consider the following:

Ω = Ω1Ω2 τ = 0100

where 6∈ Ω1Ω2. The 1 in τ states that Ω1 passed through a >R rule and thus need

not be explicitly consumed. However, Ω2 must be explicitly consumed since there is no

1 in τ matching it. Thus the τs may also be thought of as abstractions of the output

contexts which express strictness (whether formulas must be explicitly consumed)

constraints. In analogy to output contexts, we will use the notation τ = 0 or · ,

and its symmetric variation, to stand for ∃τ ′. τ = 0τ ′ or τ = ·.

In order to simplify our presentation, we shall restrict τ to never have two consecu-

tive 1s. To cut down the number of explicit cases we must examine in our subsequent

development, we define the following concatenation operators for τ which contract

adjacent 1s:

·+ τ ′ = τ ′

τ0 + τ ′ = τ0τ ′

τ1 + · = τ1

τ1 + 0τ ′ = τ10τ ′

τ1 + 1τ ′ = τ1τ ′

· ∗ · = ·1 ∗ · = ·· ∗ 1 = ·1 ∗ 1 = 1

We will use the “disjunctive” concatenation, +, to form output contexts in the infer-

ence rules developed in this section. We will only use the “conjunctive” concatenation,

∗, in the definition of mrg, a helper function defined below.

Note that the constraint 0 6∈ τ implies that τ = · or τ = 1.

As a result of making >R lazy, two different, yet compatible, output contexts

might be computed for the two premises of the &R rule. In order to give a correct

version of the rule, we need to be able to merge compatible contexts into a form

which preserves the constraints on both contexts. With this in mind, we define a

helper relation, mrg(Ω1, τ1,Ω2, τ2,Ω, τ ), to merge two compatible pairs of ordered

output contexts and their abstractions. Note that mrg is a function where the first

four arguments are input and the last two are output.

0 6∈ τ1 and 0 6∈ τ2

mrg(·, τ1, ·, τ2, ·, τ1 ∗ τ2)

mrg(Ω1, τ1,Ω2, τ2,Ω, τ )

mrg(DΩ1, τ1, DΩ2, τ2, DΩ, τ )

112

mrg(Ω1, 1τ1,Ω2, τ2,Ω, τ )(0 6∈ τ ′2)

mrg(DΩ1, 1τ1,Ω2, τ′20τ2,Ω, τ ′20τ )

mrg(Ω1, τ1,Ω2, 1τ2,Ω, τ )(0 6∈ τ ′1)

mrg(Ω1, τ′10τ1, DΩ2, 1τ2,Ω, τ ′10τ )

mrg(Ω1, τ1,Ω2, τ2,Ω, τ )(0 6∈ τ ′i)

mrg(Ω1, τ′10τ1,Ω2, τ

′20τ2,Ω, (τ ′1 ∗ τ ′2)0τ )

mrg satisfies the following properties which we will rely upon in the subsequent

correctness proofs.

Lemma 29

1. mrg(Ω1, τ1,Ω2, τ2,Ω, 1τ ) implies τ1 = 1τ ′1 and τ2 = 1τ ′2.

2. mrg(Ω1, τ1,Ω2, τ2,Ω, τ ) and 6∈ Ω implies Ω1 = Ω2 = Ω.

3. mrg(Ω1, τ1,Ω2, τ2,Ω, τ ) implies mrg(Ω1, 1 + τ1,Ω2, 1 + τ2,Ω, 1 + τ ).

Proof: By structural induction on the given derivation.

We also define mrgL(∆1, v1,∆2, v2,∆, v), where vi ∈ T, F, to merge two com-

patible linear contexts. We use the standard notations ∨ and ∧ for boolean disjunction

and conjunction. mrgL is also a function where the first four arguments are input

and the last two are output.

mrgL(·, v1, ·, v2, ·, v1 ∧ v2)

mrgL(∆1, v1,∆2, v2,∆, v)

mrgL(D∆1, v1, D∆2, v2, D∆, v)

mrgL(∆1, v1,∆2, v2,∆, v)

mrgL(∆1, v1,∆2, v2,∆, v)

mrgL(∆1, T,∆2, v2,∆, v)

mrgL(D∆1, T,∆2, v2,∆, v)

mrgL(∆1, v1,∆2, T,∆, v)

mrgL(∆1, v1, D∆2, T,∆, v)

We state a few properties of mrgL which will be helpful in subsequent proofs.

113

Lemma 30

Assume T w T and T w F and F w F and F 6w T .

1. mrgL(∆1, v1,∆2, v2,∆, v) implies v = v1 ∧ v2 and ∆i w ∆.

2. mrgL(∆1, v1,∆2, v2,∆, v) and vi = F implies ∆i = ∆.

3. ∆1 w ∆2 and v1 w v2 implies

there exist ∆ and v such that mrgL(∆1, v1,∆2, v2,∆, v).

4. ∆2 w ∆1 and v2 w v1 implies

there exist ∆ and v such that mrgL(∆1, v1,∆2, v2,∆, v).

Proof: By structural induction on given derivation in parts 1 and 2. By structural

induction on ∆1 in part 3. By structural induction on ∆2 in part 4.

We now have enough machinery to write down our >-flag derivation system. We

have two types of sequent for our >-flag derivations:

Γ; ∆I\∆O; ΩI\ΩO −→v τ

G

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→v (τL ; τR)

D P

which correspond exactly to their RMS counterparts with the addition of the previ-

ously described output context abstractions, τ , τL, τR, and a linear>-flag, v ∈ T, F.

Here are the >-flags derivation rules:

.=R

Γ; ∆\∆; Ω\Ω −→F ·

P.= P

1RΓ; ∆\∆; Ω\Ω −→

F ·1

Γ; ·\·; ·\· −→v τ

G

!RΓ; ∆\∆; Ω\Ω −→

F ·!G

Γ; ∆I\∆O; ·\· −→v τ

G¡R

Γ; ∆I\∆O; Ω\Ω −→v ·

¡G

ΓD; ∆I\∆O; ΩI\ΩO −→v τ

G→R


D→G

Γ; ∆ID\∆O; ΩI\ΩO −→v τ

G

−RFΓ; ∆I\∆O; ΩI\ΩO −→

v τD −G

Γ; ∆ID\∆OD; ΩI\ΩO −→T τ

G

−RTΓ; ∆I\∆O; ΩI\ΩO −→

T τD −G

114

Γ; ∆I\∆O; ΩID\ΩO −→v τ0τ ′

G

R0 (0 6∈ τ ′)Γ; ∆I\∆O; ΩI\ΩO −→

v τDG

Γ; ∆I\∆O; ΩID\ΩOD −→v τ1

G

R1Γ; ∆I\∆O; ΩI\ΩO −→

v τ1DG

Γ; ∆I\∆O;DΩI\ΩO −→v τ ′0τ

G

R0 (0 6∈ τ ′)Γ; ∆I\∆O; ΩI\ΩO −→

v τDG

Γ; ∆I\∆O;DΩI\DΩO −→1τ G R1

Γ; ∆I\∆O; ΩI\ΩO −→1τ DG

Γ; ∆I\∆M ; ΩI\ΩLΩ2 −→v1 τL

G1 Γ; ∆M\∆O; Ω2\ΩR −→v2 τR

G2

•RΓ; ∆I\∆O; ΩI\ΩLΩR −→

(v1∨v2) (τL+τR)G1 •G2

( 6∈ Ω2 and (ΩL = or ·))

Γ; ∆I\∆M ; ΩI\Ω2ΩR −→v1 τR

G1 Γ; ∆M\∆O; Ω2\ΩL −→v2 τL

G2

RΓ; ∆I\∆O; ΩI\ΩLΩR −→

(v1∨v2) (τL+τR)G1 G2

( 6∈ Ω2 and (ΩR = or ·))

>RΓ; ∆\∆; Ω\Ω −→

T 1>

Γ; ∆I\∆1; ΩI\Ω1 −→v1 τ1

G1 Γ; ∆I\∆2; ΩI\Ω2 −→v2 τ2

G2

mrg(Ω1, τ1,Ω2, τ2,ΩO, τ)

mrgL(∆1, v1,∆2, v2,∆O, v)

&RΓ; ∆I\∆O; ΩI\ΩO −→

v τG1 &G2


G1

⊕R1Γ; ∆I\∆O; ΩI\ΩO −→

v τG1 ⊕G2


G2

⊕R2Γ; ∆I\∆O; ΩI\ΩO −→

v τG1 ⊕G2


G[a/x]∀aR

Γ; ∆I\∆O; ΩI\ΩO −→v τ∀x. G

(a not free in conclusion)


G[t/x]

∃RΓ; ∆I\∆O; ΩI\ΩO −→

v τ∃x. G

115

1;D P \ G ΓLDGR; ∆I\∆O; ΩI\ΩO −→v τ

G

choiceΓΓLDΓR; ∆I\∆O; ΩI\ΩO −→

v τP

1;D P \ G Γ; ∆LI∆RI\∆O; ΩI\ΩO −→v τ

G

choice∆Γ; ∆LID∆RI\∆O; ΩI\ΩO −→

v τP


D P

choiceΩΓ; ∆I\∆O; ΩLIDΩRI\ΩLOΩRO −→

v τL0τRP

initΓ; ∆\∆; (ΩL\ΩL ; ΩR\ΩR) −→

F (· ; ·)P P


D1 P

&L1Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→

v (τL ; τR)D1 &D2 P


D2 P

&L2Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→



D[t/x] P

∀LΓ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→

v (τL ; τR)∀x. D P


D P Γ; ·\·; ·\· −→v′ τ

G

→L


G→D P

Γ; ∆I\∆M ; (ΩLI\ΩLO ; ΩRI\ΩRO) −→v1 (τL ; τR)

D P Γ; ∆M\∆O; ·\· −→v2 τ

G

−LΓ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→

(v1∨v2) (τL ; τR)G−D P

116

Γ; ∆I\∆M ; (ΩLI\ΩLO ; ΩRI\ΩGIΩRO) −→v1 (τL ; τR)

D P Γ; ∆M\∆O; ΩGI\ΩGO −→v2 τ

G

LΓ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩGOΩRO) −→

(v1∨v2) (τL ; τ+τR)GD P


Γ; ∆I\∆M ; (ΩLI\ΩLOΩGI ; ΩRI\ΩRO) −→v1 (τL ; τR)


G

LΓ; ∆I\∆O; (ΩLI\ΩLOΩGO ; ΩRI\ΩRO) −→

(v1∨v2) (τL+τ ; τR)GD P


We introduce the following notation:

#(Ω) ≡ the number of placeholders in Ω

#(τ ) ≡ the number of 0s in τ

>-flags derivations satisfy the following basic properties.

Lemma 31

1. Γ; ∆I\∆O; ΩI\ΩO −→v τ

G implies ΩI w ΩO and #(ΩO) = #(τ ).

2. ∆IL w ∆OL implies

Γ; ∆IL∆IR\∆OL∆OR; ΩI\ΩO −→v τ

G iff

Γ; ∆ILD∆IR\∆OLD∆OR; ΩI\ΩO −→v τ

G.

3. ΩIL w ΩOL and 6∈ Ω implies

Γ; ∆I\∆O; ΩILΩΩIR\ΩOLΩΩOR −→v τ

G iff

Γ; ∆I\∆O; ΩILΩIR\ΩOLΩOR −→v τ

G.

4. Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→v (τL ; τR)

D P implies

ΩLI w ΩLO and ΩRI w ΩRO and

#(ΩLO) = #(τL) and #(ΩRO) = #(τR).

5. ∆IL w ∆OL implies

Γ; ∆IL∆IR\∆OL∆OR; (ΩLI\ΩLO ; ΩRI\ΩRO) −→v (τL ; τR)

D P iff

Γ; ∆ILD∆IR\∆OLD∆OR; (ΩLI\ΩLO ; ΩRI\ΩRO) −→v (τL ; τR)

D P .

117

6. ΩLIL w ΩLOL and 6∈ Ω implies

Γ; ∆I\∆O; (ΩLILΩΩLIR\ΩLOLΩΩLOR ; ΩRI\ΩRO) −→v (τL ; τR)

D P iff

Γ; ∆I\∆O; (ΩLILΩLIR\ΩLOLΩLOR ; ΩRI\ΩRO) −→v (τL ; τR)

D P .

7. ΩRIL w ΩROL and 6∈ Ω implies

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRILΩΩRIR\ΩROLΩΩROR) −→v (τL ; τR)

D P iff

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRILΩRIR\ΩROLΩROR) −→v (τL ; τR)

D P .

Proof: Each part is proved by straightforward structural induction on the given

derivation.

9.2 Correctness of >-flags System

In order to prove the correctness of the >-flags derivation system with respect to the

resource management system of Chapter 8, we need to relate >-flags output contexts,

and their associated flag lists, to RMS output contexts. Due to the lazy treatment of

>, one >-flags context can be related to many RMS contexts. We define the following

relation between >-flags output contexts and RMS output contexts:

0 6∈ τΦ(·, τ, ·)

Φ(Ω, τ,Ω′)

Φ(DΩ, τ,DΩ′)

Φ(Ω, 1τ,Ω′)

Φ(DΩ, 1τ,Ω′)

Φ(Ω, τ,Ω′)(0 6∈ τ ′)

Φ(Ω, τ ′0τ,Ω′)

Φ satisfies the following properties which we rely upon to prove correctness of the

>-flags derivations.

Lemma 32

1. Φ(Ω, τ,Ω′) implies Ω w Ω′.

2. Φ(ΩL, τL,Ω′L) and Φ(ΩR, τR,Ω′R) implies Φ(ΩLΩR, τL + τR,Ω′LΩ′R).

3. Φ(ΩLΩR, τLτR,Ω′) and #(ΩL) = #(τL)

and (ΩR = or ·) and (τR = 0 or ·) implies

there exist Ω′L and Ω′R such that

Ω′ = Ω′LΩ′R and Φ(ΩL, τL,Ω′L) and Φ(ΩR, τR,Ω′R).

118

4. Φ(ΩLΩR, τLτR,Ω′) and #(ΩR) = #(τR)

and (ΩL = or ·) and (τL = 0 or ·) implies

there exist Ω′L and Ω′R such that

Ω′ = Ω′LΩ′R and Φ(ΩL, τL,Ω′L) and Φ(ΩR, τR,Ω′R).

5. Φ(Ω, τ,Ω′LΩ′R) and 6∈ Ω implies

there exist ΩL and ΩR such that

Ω = ΩLΩR and Φ(ΩL, τ,Ω′L) and Φ(ΩR, τ,Ω′R).

Proof: Each part is proved by induction on the given derivation.

Additionally, Φ and mrg interact in the following manner which allows our &R

rule to correctly match the corresponding RMS rule.

Lemma 33

1. Φ(Ω, τ,Ω′) and mrg(Ω1, τ1,Ω2, τ2,Ω, τ ) implies

Φ(Ω1, τ1,Ω′) and Φ(Ω2, τ2,Ω′).

2. Φ(Ω1, τ1,Ω′) and Φ(Ω2, τ2,Ω′) implies

there exist Ω and τ such that

Φ(Ω, τ,Ω′) and mrg(Ω1, τ1,Ω2, τ2,Ω, τ ).

Proof:

Part 1: By induction on Φ(Ω, τ,Ω′) examining cases for mrg(Ω1, τ1,Ω2, τ2,Ω, τ )

making use of lemma 29.

Part 2: By induction on Φ(Ω1, τ1,Ω′) examining cases for Φ(Ω2, τ2,Ω′).

We now prove the soundness of >-flags derivations wrt to RMS derivations. This

proof is complicated by the fact that formulas in a >-flags context can be translated

to s and the deterministic context splits (in the L,L, •R, and R rules) depend

upon s. Consider the rule

Γ; ∆I\∆M ; (ΩLI\ΩLO ; ΩRI\ΩGIΩRO) −→v1 (τL ; τR)


G




119

The output context, ΩGIΩRO will be translated to some context Ω′O. We will then

deterministically split Ω′O into Ω′GIΩ′RO where 6∈ Ω′GI and Ω′RO = or ·. However,

if τR begins with a 1, ΩGI might be longer than Ω′GI since any formula in ΩGI could

have been translated to a . In such a situation, we will have cut out of ΩGI , in the

second premise, the formulas which were consumed by the >, corresponding to the

opening 1 in τR, in order to construct the matching RMS rule instantiation. It turns

out this is always possible to do, although the analysis is quite tedious.

We will consider four cases, two for each type of sequent depending on the value

of the linear > flag.

Theorem 34 (Soundness of >-flags)

1. Γ; ∆I\∆O; ΩI\ΩO −→F τ

G and Φ(ΩO, τ,Ω′O)

implies Γ; ∆I\∆O; ΩI\Ω′O −→ G.

2. Γ; ∆I\∆O; ΩI\ΩO −→T τ

G and Φ(ΩO, τ,Ω′O) and ∆O w ∆′O

implies Γ; ∆I\∆′O; ΩI\Ω′O −→ G.

3. Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→F (τL ; τR)

D P

and Φ(ΩLO , τL,Ω′LO) and Φ(ΩRO, τR,Ω′RO)

implies Γ; ∆I\∆O; (ΩLI\Ω′LO ; ΩRI\Ω′RO) −→ D P .

4. Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→T (τL ; τR)

D P

and ∆O w ∆′O and Φ(ΩLO, τL,Ω′LO) and Φ(ΩRO, τR,Ω′RO)

implies Γ; ∆I\∆′O; (ΩLI\Ω′LO ; ΩRI\Ω′RO) −→ D P .

Proof: By structural induction on given derivation. We give representative cases.

case:>R

Γ; ∆\∆; Ω\Ω −→T 1>

Then

Φ(Ω, 1,Ω′) and ∆ w ∆′ assumptions

Ω w Ω′ Lemma 32.1

Γ; ∆\∆′; Ω\Ω′ −→ > >R

120

case:

Γ; ∆I\∆1; ΩI\Ω1 −→T τ1

G1 Γ; ∆I\∆2; ΩI\Ω2 −→T τ2

G2

mrg(Ω1, τ1,Ω2, τ2,Ω, τ )

mrgL(∆1, T,∆2, T,∆O, T )

&RΓ; ∆I\∆O; ΩI\ΩO −→

T τG1 &G2

Then

Φ(ΩO, τ,Ω′O) and ∆O w ∆′O assumption

Φ(Ω1, τ1,Ω′O) and Φ(Ω2, τ2,Ω′O) Lemma 33

∆1 w ∆O and ∆2 w ∆O Lemma 30

Note ∆1 w ∆′O and ∆2 w ∆′OΓ; ∆I\∆′O; ΩI\Ω′O −→ G1 and Γ; ∆I\∆′O; ΩI\Ω′O −→ G2 ind. hyp.

Γ; ∆I\∆′O; ΩI\Ω′O −→ G1 &G2 rule &R

case:init

Γ; ∆\∆; (ΩL\ΩL ; ΩR\ΩR) −→F (· ; ·)

P P

Then

Φ(ΩL, ·,Ω′L) and Φ(ΩR, ·,Ω′R) assumptions

ΩL = Ω′L and ΩR = Ω′R inspection of Φ

Γ; ∆\∆; (ΩL\ΩL ; ΩR\ΩR) −→ P P init

case:Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→

F (τL ; τR)D P


F τL0τRP

Then

Φ(ΩLOΩRO, τL0τR,Ω′O) assumption

#(τL) = #(ΩLO) and #(τR) = #(ΩRO) Lemma 31

Ω′O = Ω′LOΩ′R and Φ(ΩLO, τL,Ω′LO) and Φ(ΩRO, 0τR,Ω′R) Lemma 32.3

Ω′R = Ω′RO and Φ(ΩRO, τR,Ω′RO) inversion on Φ

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→ D P ind. hyp.

Γ; ∆I\∆O; ΩLIDΩRI\ΩLOΩRO −→ P choiceΩ

121

case:

Γ; ∆I\∆M ; (ΩLI\ΩLO ; ΩRI\ΩGIΩRO) −→F (τL ; τR)

D P Γ; ∆M\∆O; ΩGI\ΩGO −→F τ

G


F (τL ; ττR)GD P

( 6∈ ΩGI and (ΩRO = or ·) and τR 6= 1τ ′)

Φ(ΩLO, τL,Ω′LO) and Φ(ΩGOΩRO, ττR,Ω′O) assumptions

Note τR = 0 or ·#(τR) = #(ΩGIΩRO) = #(ΩRO) and #(τ ) = #(ΩGO) Lemma 31

Ω′O = Ω′GOΩ′RO and Φ(ΩGO , τ,Ω′GO) and Φ(ΩRO, τR,Ω′RO)

for some Ω′GO and Ω′RO Lemma 32.3

Γ; ∆M\∆O; ΩGI\Ω′GO −→ G ind. hyp.(1)

Φ(ΩGIΩRO, τR,ΩGIΩ′RO) 6∈ ΩGI

Γ; ∆I\∆M ; (ΩLI\Ω′LO ; ΩRI\ΩGIΩ′RO) −→ D P ind. hyp.(3)

Ω′RO = or · inversion on Φ

Γ; ∆I\∆O; (ΩLI\Ω′LO ; ΩRI\Ω′GOΩ′RO) −→ GD P rule L

case:

Γ; ∆I\∆M ; (ΩLI\ΩLO ; ΩRI\ΩGIΩRO) −→F (τL ; 1τR)

D P Γ; ∆M\∆O; ΩGI\ΩGO −→F τ

G


F (τL ; τ+1τR)GD P


Then

Φ(ΩLO, τL,Ω′LO) and Φ(ΩGOΩRO, τ + 1τR,Ω′O) assumptions

#(ΩGO) = #(τ ) and #(ΩGIΩRO) = #(ΩRO) = #(1τR) lemma 31

Ω′O = Ω′GOΩ′RO and Φ(ΩGO , τ + 1,Ω′GO) and Φ(ΩRO, τR,Ω′RO) Lemma 32.3

Let ΩGOLΩGIR = ΩGO where (ΩGOL = or ·) and 6∈ ΩGIR

Let τGLτGR = τ where (τGL = 0 or ·) and 0 6∈ τGR#(ΩGO) = #(ΩGOL) = #(τ + 1) 6∈ ΩGIR

Note τGR + 1 = 1

122

Ω′GO = Ω′GOLΩ′GIR and Φ(ΩGOL, τGL,Ω′GOL) and Φ(ΩGIR, 1,Ω′GIR)

for some Ω′GOL and Ω′GIR Lemma 32.4

Let Ω′GIRLΩ′GIRR = Ω′GIR where 6∈ Ω′GIRL and (Ω′GIRR = or ·)ΩGIR = ΩGIRLΩGIRR and Φ(ΩGIRL, 1,Ω′GIRL) and Φ(ΩGIRR, 1,Ω′GIRR)

for some ΩGIRL and ΩGIRR Lemma 32.5

Φ(ΩGIRL, τGR,Ω′GIRL) and ΩGIRL = Ω′GIRL 6∈ Ω′GIRL, 0 6∈ τGRNote τGL + τGR = τ

Φ(ΩGOLΩGIRL, τ,Ω′GOLΩGIRL) Lemma 32.2

ΩGI = ΩGILΩGIRLΩGIRR and ΩGIL w ΩGOL for some ΩGIL ΩGI w ΩGO

Note we may rewrite the second premise of the given derivation as

Γ; ∆M\∆O; ΩGILΩGIRLΩGIRR\ΩGOLΩGIRLΩGIRR −→F τ

G

Γ; ∆M\∆O; ΩGILΩGIRL\ΩGOLΩGIRL −→F τ

G Lemma 31

Γ; ∆M\∆O; ΩGILΩGIRL\Ω′GOLΩGIRL −→ G ind. hyp.(1)

Φ(ΩGILΩGIRL, ·,ΩGILΩGIRL) 6∈ ΩGILΩGIRL

Note 1 + τR = 1τR

Φ(ΩGILΩGIRLΩGIRRΩRO, 1τR,ΩGILΩGIRLΩ′GIRRΩ′RO) Lemma 32.2

Γ; ∆I\∆M ; (ΩLI\Ω′LO ; ΩRI\ΩGILΩGIRLΩ′GIRRΩ′RO) −→ D P ind. hyp.(3)

Γ; ∆I\∆O; (ΩLI\Ω′LO ; ΩRI\Ω′GOLΩGIRLΩ′GIRRΩ′RO) −→ GD P rule L

We now prove completeness of >-flags derivations wrt RMS derivations.

Theorem 35 (Completeness of >-flags)

1. Γ; ∆′I\∆′O; Ω′I\Ω′O −→ G implies

there exist ∆O, ΩO, and τ such that

∆O w ∆′O and Φ(ΩO, τ,Ω′O) and

(Γ; ∆′I\∆′O; Ω′I\ΩO −→F τ

G or Γ; ∆′I\∆O; Ω′I\ΩO −→T τ

G).

2. Γ; ∆′I\∆′O; (Ω′LI\Ω′LO ; Ω′RI\Ω′RO) −→ D P implies

there exist ∆O, ΩLO, ΩRO, τL, and τR such that

∆O w ∆′O and Φ(ΩLO, τL,Ω′LO) and Φ(ΩRO, τR,Ω′RO) and

(Γ; ∆′I\∆′O; (Ω′LI\ΩLO ; Ω′RI\ΩRO) −→F (τL ; τR)

D P or

Γ; ∆′I\∆O; (Ω′LI\ΩLO ; Ω′RI\ΩRO) −→T (τL ; τR)

D P ).

123

Proof: By structural induction on the given derivation. We give representative cases.

case:Γ; ∆′I\∆′O; Ω′I\Ω′O −→ G1 Γ; ∆′I\∆′O; Ω′I\Ω′O −→ G2

&RΓ; ∆′I\∆′O; Ω′I\Ω′O −→ G1 &G2

Γ; ∆′I\∆1; Ω′I\Ω1 −→v1 τ1

G1 and Φ(Ω1, τ1,Ω′O) and ∆1 w ∆′O

and (if v1 = F then ∆1 = ∆′O) ind. hyp.

Γ; ∆′I\∆2; Ω′I\Ω2 −→v2 τ2

G2 and Φ(Ω2, τ2,Ω′O) and ∆2 w ∆′O

and (if v2 = F then ∆2 = ∆′O) ind. hyp.

mrg(Ω1, τ1,Ω2, τ2,ΩO, τ ) and Φ(ΩO, τ,Ω′O)

for some ΩO and τ Lemma 33

mrgL(∆1, v1,∆2, v2,∆O, v) for some ∆O and v Lemma 30

Γ; ∆′I\∆O; Ω′I\ΩO −→v τ

G1 &G2 rule &R

Note if v = F then ∆O = ∆′O Lemma 30

case:init

Γ; ∆′\∆′; (Ω′L\Ω′L ; Ω′R\Ω′R) −→ P P

Then

Γ; ∆′\∆′; (Ω′L\Ω′L ; Ω′R\Ω′R) −→F (· ; ·)

P P init

case:Γ; ∆′I\∆′O; (Ω′LI\Ω′LO ; Ω′RI\Ω′RO) −→ D P

choiceΩΓ; ∆′I\∆′O; Ω′LIDΩ′RI\Ω′LOΩ′RO −→ P

Then

Γ; ∆′I\∆O; (Ω′LI\ΩLO ; Ω′RI\ΩRO) −→v (τL ; τR)

D P

and Φ(ΩLO , τL,Ω′LO) and Φ(ΩRO, τR,Ω′RO) and ∆O w ∆′Oand (if v = F then ∆O = ∆′O) ind. hyp.

Φ(ΩLOΩRO, τL0τR,Ω′LOΩ′RO) Lemma 32.2

Γ; ∆′I\∆O; Ω′LIDΩ′RI\ΩLOΩRO −→v τL0τR

P choiceΩ

124

case:

Γ; ∆′I\∆′M ; (Ω′LI\Ω′LO ; Ω′RI\Ω′GIΩ′RO) −→ D P Γ; ∆′M\∆′O; Ω′GI\Ω′GO −→ GL

Γ; ∆′I\∆′O; (Ω′LI\Ω′LO ; Ω′RI\Ω′GOΩ′RO) −→ GD P

( 6∈ Ω′GI and (Ω′RO = Ω′ or ·))

Γ; ∆′I\∆M ; (Ω′LI\ΩLO ; Ω′RI\ΩR) −→v (τL ; τR)

D P

and Φ(ΩLO, τL,Ω′LO) and Φ(ΩR, τR,Ω′GIΩ′RO)

and ∆M w ∆′M and (if v = F then ∆M = ∆′M) ind. hyp.

Let ΩGIΩRO = ΩR where 6∈ ΩGI and (∃Ω. ΩRO = Ω or ·)ΩR w Ω′GIΩ

′RO Lemma 32.1

Ω′GIΩ′RO = Ω′GIΩ

′ROLΩ′ROR and ΩRO w Ω′ROR and ΩGI w Ω′GIΩ

′ROL

and ΩGI = Ω′GIΩGIR and ΩGIR w Ω′ROL properties of wΓ; ∆′M\∆O; Ω′GI\ΩGO −→

v′ τG and Φ(ΩGO , τ,Ω′GO)

and ∆O w ∆′O and (if v′ = F then ∆O = ∆′O) ind. hyp.

Suppose ∆M = D′ and ∆′M = ∆O = ∆′M w ∆O

Γ; ∆M\D′; Ω′GI\ΩGO −→v′ τ

G Lemma 31.1

Thus we can generalize the above argument to show iterating

Γ; ∆M\∆O1; Ω′GI\ΩGO −→v′ τ

G and ∆O1 w ∆O for some ∆O1 Lemma 31.1

Γ; ∆′I\∆O1; (Ω′LI\ΩLO ; Ω′RI\ΩGOΩRO) −→(v∨v′) (τL ; τR)

D P L

Note if v ∨ v′ = F then ∆O1 = ∆′O.

We now have a derivation system for extended uniform ordered linear logic which

does not require any non-deterministic splitting of resources. The non-determinism

left in this system resides in the choice of formula to focus upon, the ⊕R rules, and

the choice of term t in the ∀L and ∃R rules. All of this non-determinism can be

handled in the standard ways– choosing an arbitrary order to choose clauses and try

goals; and using unification to delay picking an actually term– to give us a derivation

system whose direct implementation is reasonably efficient. Thus we can base a logic

programming interpreter on the >-flags system.

However, there are still inefficiencies in the >-flags system which can greatly slow

down proof search. Specifically, the techniques reported in [10] and [33] for improving

125

linear logic proof search can be extended to ordered linear logic and incorporated into

the >-flags system. We will delay this extension until Chapter 11, and first discuss

logic programming in ordered linear logic.

126

Chapter 10


Programming

Before linear logic programming languages, any state associated with logic programs

had to be represented as a term (typically a list) and threaded through the program

in much the same manner as state must be simulated in a purely functional language1.

With the addition of linear hypotheses to logic programs, state could be implicitly

represented by the linear context and thus moved from the term-level to the formula-

level. While this situation certainly allows for more elegant programs, it also allows

for more efficient programs as compiler technology matures. For example, Hodas and

Tamura [28] describe a theorem prover, originally in Prolog, which becomes both

more elegant and more efficient when rewritten in Lolli. Similarly, adding ordered

hypotheses to a logic programming language allows some kinds of data structures

(e.g., stacks) to be moved from the term-level to the formula-level.

In this chapter, we introduce Olli, an ordered extension of Lolli, which is based on

the >-flags derivation system of chapter 9. After attending to the few details needed

to turn the >-flags system into a logic programming interpreter, we will present a

series of example Olli programs.

1One could also resort to extra-logical features such as assert and retract; however, these con-

structs destroy the logical interpretation of a logic program, in addition to being extremely difficult

to correctly use.

127

10.1 Olli

As mentioned at the end of chapter 9, the >-flags derivation system is deterministic

enough to allow a reasonable direct implementation which gives us an ordered linear

logic programming interpreter. We will call the resulting ordered linear logic pro-

gramming language Olli. Just as ordered linear logic is a conservative extension of

intuitionistic linear logic, Olli is a conservative extension of (pure) Lolli– the formula

language of Lolli is a subset of that for Olli.

In order to turn the >-flag system into a logic programming interpreter, we need

to deal with the two remaining sources of non-determinism in the system– the choice

of a term for instantiating quantified variables; and the choices of a formula to focus

on when the goal is atomic, and a sub-goal to pursue when the goal is a disjunction.

We employ the standard treatment for both choices. We first alter the ∀L and ∃R rules

to substitute new logic variables, rather than terms, and alter the.=R rule to unify the

two terms rather than just check for equality. We then assume that disjunctive goals

and clause formulas are tried in some arbitrary and fixed order, where backtracking

allows the system to try the next choice when the current one results in failure.

At this point in time, the ideal order for trying clause formulas is not clear. The

standard solution (used by λProlog and Lolli) is to try the dynamically assumed

clauses in the reverse order of their assumption, and then try the static program

clauses from first to last. However, this “temporal” ordering is not always optimal.

For applications using the ordered context as a queue (e.g., Section 10.5), it is prefer-

able to try the ordered formulas from right to left, even though formulas are added

to the left side of the ordered context. Therefore, we have chosen, for simplicity, to

try dynamic clauses from right to left starting with the ordered context, then moving

to the linear context, then to the unrestricted context, and finally trying the static

program clauses from first to last2. Thus given the goal

D1 −D2→D3D4 P

After assuming all the new clause formulas, the order in which the clauses will be

focussed on is: D3, D4, D1, D2.

After the initial release of Lolli, more analysis of linear logic proof search yielded

2This operational semantics is actually different from that of Lolli, however there is no reason

(other than simplicity) for not using a more complicated search which matches Lolli for Lolli programs

and still tries the ordered context from right to left.

128

techniques for improving the efficiency of Lolli proof search. As it turns out, these

techniques can be extended to Olli, but we delay our treatment of them until chap-

ter 11.

We assume a typed, higher-order term language3 and implicit universal quantifi-

cation over free variables (tokens beginning with an uppercase letter). We also write

BA for AB and BA for AB in the manner of Prolog where backwards ar-

rows are left-associative, and bind looser than forwards arrows and &. We use italics

for meta-variables which stand for ground terms and typewriter for program code,

including logic variables.

The following sections contain example logic programs which may be written in

Olli. We note that all three of our system’s contexts are important for logic pro-

gramming. The program clauses will typically reside in the unrestricted context since

their use should be unrestricted. The linear context is used to hold information which

can be accessed in any order– the final examples in this chapter show how the linear

context can be put to use. The ordered context can act as a logical data structure

and hold information which must be accessed in a constrained fashion.

Section 10.2 contains a simple example which we will use to illustrate Olli’s opera-

tional behavior in detail. In later sections, we assume familiarity with the operational

semantics of Olli and concentrate mostly on the declarative interpretations of the

example programs.

10.2 Simple Examples

We begin by considering various simple programs concerned with lists. :: is the infix

list constructor and nil is the empty list.

The following program, which does not make use of the ordered fragment of the

3We will assume for the sake of simplicity that the terms are dynamically within the Lλ frag-

ment [35] which makes unification deterministic.

129

logic (and is therefore a Lolli program), can be used to permute a list.

perm (X::L) K

− (elem X− perm L K).

perm nil (X::K)

− elem X

− perm nil K.

perm nil nil.

The program works on a query perm l K by first assuming elem x for every ele-

ment x of l. This is achieved by the first clause. Then the assumptions are consumed

one by one through uses of the second clause and added to the output list. The tail

of the output list is instantiated to nil when there are no further linear assumptions,

and the last clause can therefore succeed. Because the linear context is unordered,

every possible order of linear resource consumption constitutes a valid proof where

the result variable, K, becomes instantiated to a different permutation of the input list

l. Thus, by interactively asking for solutions (or by explicitly failing), this program

can be made to enumerate all possible permutations of a list.

If we replace the linear implications by right ordered implications, only one order

remains possible: the one that reverses the list.

rev (X::L) K

(elem X rev L K).

rev nil (X::K)

elem X

rev nil K.

rev nil nil.

After assuming elem x for every element x of l, we will be in the following situation,

where we have elided the unrestricted context (which only contains the program

clauses), the always empty linear context, and all > flags

elem x1 . . . elem xn\Ω −→ rev nil K

where Ω has yet to be computed. At this point we must use the second rev clause;

choosing the final clause would lead to failure, even though the head matches, since

130

the ordered hypotheses have not been consumed. Upon choosing the second clause

we are in the following situation (remember the choiceΓ rule residuates the chosen

formula)

elem x1 . . . elem xn\Ω −→ (rev nil K.= rev nil (X::K’))•(elem X(rev nil K’1))

The first part of the goal succeeds, setting K = (X::K’), without consuming any

resources and leaving us in the following situation

elem x1 . . .elem xn\Ω −→ elem X (rev nil K’ 1)

We now proceed to solve the first subgoal, note that output context Ω′ for the first

subgoal is different than the output context Ω of the entire goal, and leave the second

subgoal pending

elem x1 . . .elem xn\Ω′ −→ elem X

At this point we must choose one of the elem xi to match the elem X in the goal.

Following our operational semantics, we start with the rightmost ordered hypothesis,

elem xn. This choice will succeed, setting X = xn, and cause Ω′ = elem x1 . . . elem xn−1.

Thus we know that K = xn::K’.

We next restore the pending goal and arrive, via the R rule, at the following

situation

elem x1 . . .elem xn−1\Ω′′ −→ rev nil K’ 1

where we know that Ω = Ω′′. The execution will proceed in the same manner,

at each step consuming the rightmost ordered hypothesis, until the input ordered

context is empty at which point, using the third program clause, the computation

will end with K = xn:: . . . ::x1::nil. Note that the goal 1 is always immediately

successful and thus we may ignore all such subgoals which build up over the course

of an execution.

When introducing this example, we mentioned that only one solution existed for

a given input list. Not choosing the rightmost ordered hypothesis, when solving goals

of the form elem X, always results in some ordered hypotheses (those to the right

of the chosen hypothesis) not being consumed and thus a failed proof attempt. We

delay a detailed explanation and analysis of this behavior until Chapter 11 where we

improve the failure mechanism for our proof search.

Note that changing the outer in the second clause will only result in changing

the in the compiled version to a •. Furthermore, this change does not affect prov-

ability since 1 is the unit for both conjunctions. In general the outermost ordered

131

arrow of an unrestricted (or linear) program clause may be either or without

affecting the semantics of a program.

We could also “uncurry” this example in the following way

rev (X::L) K

(elem X rev L K).

rev nil (X::K)

elem X rev nil K.

rev nil nil.

and maintain the exact same operational behavior. This is evident from the residua-

tion of the second clause (supposing a goal of the form rev nil K’)

(rev nil K’.= rev nil (X::K)) • ((elem X rev nil K’) 1)

which is equivalent to the residuation of the “curried” form shown earlier.

We could also change the second clause to

rev nil (X::K)

rev nil K • elem X.

and maintain the same declarative meaning as the previous versions, i.e., this ver-

sion will admit the same solutions as the other versions. However, the operational

behaviour will now be quite different. In particular, the “recursive” subgoal of this

clause, rev nil K, will be solved first. This will create a stack of pending goals of

he form elem X each of which will need to consume the leftmost ordered hypothesis

for the entire proof to succeed. Thus, due to the need to try ordered hypotheses from

right to left, each of the pending goals, elem X will have to try all of the ordered

hypotheses, and fail for each choice but the last, before succeeding.

We point out one further permutation. If we replace the nested in the first

program clause with , the program will add elements to the left of the ordered

context. Then, since the rest of the program is unchanged and requires consuming

ordered hypotheses from right to left, this modified program represents the identity

132

relation.id (X::L) K

(elem X id L K).

id nil (X::K)

elem X

id nil K.

id nil nil.

10.3 Translating to deBruijn Notation

Our first serious example is a translation between lambda terms and deBruijn style

terms. More details on this presentation of deBruijn terms and their connection to

regular terms can be found in [47]. We use the following grammars for regular terms

and deBruijn terms:

Lambda Terms e ::= x | e1 e2 | λx. e

deBruijn Terms e′ ::= 1 | e′ ↑ | e′1 e′2 | Λe′

Given a lambda term, we can construct a deBruijn term by recursively descending

through the given term’s structure and maintaining a stack of lambda-bound vari-

ables. Upon reaching a variable, its depth in the stack corresponds to the index in a

deBruijn term.

We can translate deBruijn terms to regular lambda terms with the following judge-

ment:

K ` e↔ e′

where K is a list of regular variables, i.e., K = x1 . . . xn.

Here are the derivation rules for the translation:

K ` e1 ↔ e′1 K ` e2 ↔ e′2tr app

K ` e1 e2 ↔ e′1 e′2

K x ` e↔ e′tr lamx

K ` λx. e↔ Λ e′

tr 1K x ` x↔ 1

K ` e↔ e′tr ↑

K x ` e↔ e′ ↑where x does not occur free in the conclusion of the tr lamx rule. Note that the con-

text, K, is a stack; and that the translation is non-deterministic, e.g., λx. λy. y (xx)

can be translated to both ΛΛ1 ((1 ↑) (1 ↑)) and ΛΛ1 ((1 1) ↑).

133

We can directly transcribe the previous derivation rules to an Olli program which

uses the ordered context as a stack.

We assume the following term constants (where exp and exp’ are arbitrary base

types for terms):

lam : (exp -> exp) -> exp.

app : exp -> exp -> exp.

lam’ : exp’ -> exp’.

app’ : exp’ -> exp’ -> exp’.

shift : exp’ -> exp’.

one : exp’.

lam, and app represent regular lambda terms (variables will be implicitly represented

by meta-variables); while lam’, app’, shift, and one represent deBruijn terms.

We use the following predicates:

tr : exp -> exp’ -> o. var : exp -> o.

where tr is the translation program and var is a helper predicate to store named

variables in the ordered context. We follow the λ-Prolog convention and use o to

stand for the type of propositions. tr e E’ expects a lambda term, e, and computes

an equivalent deBruijn style term, E’.

We can now transcribe each rule as a program clause. We will use the following

general scheme to encode the translation judgements as ordered linear logic sequents:

x1 . . . xn ` e↔ e′ Γ; ·; var x1 . . .var xn =⇒ tr peq pe′q

where the unrestricted context Γ contains the translation program (which we develop

below). peq is the obvious representation of regular term e using the constructors

for exp and pe′q is the representation of deBruijn term e′ using the constructors for

exp’. We will delay a formal presentation of the correctness of this encoding, and

the ensuing representation of the derivation rules, until the end of Chapter 15 where

we reformulate this example in an ordered logical framework.

We start with the tr app rule. To translate app E1 E2, we simply translate both

subterms using the current stack. Thus, eliding the unrestriced and linear contexts,

we need to reduce proving

var x1 . . . var xn =⇒ tr (app E1 E2) (app’ E1’ E2’)

to proving

var x1 . . . var xn =⇒ tr E1 E1’

134

and

var x1 . . .var xn =⇒ tr E2 E2’

where we have omitted the unrestricted and linear contexts. The xi are term-level

variables already encountered during the translation. This is achieved with the fol-

lowing clause:

tr (app E1 E2) (app’ E1’ E2’)

tr E1 E1’ & tr E2 E2’.

Notice the & gives a copy of the stack (the ordered context) to each subterm trans-

lation. Here is the compiled version of the clause which will actually be used:

(tr (app e1 e2) E’.= tr (app E1 E2) (app’ E1’ E2’))•((tr E1 E1’&tr E2 E2’)1)

where tr (app e1 e2) E’ is the goal at the time the clause is chosen.

We next consider the tr lam rule. To translate a lam E, we add a variable to the

stack and translate the body of the lambda. Thus we must reduce solving

var x1 . . .var xn =⇒ tr (lam E) (lam’ E’)

to

var x1 . . . (var xn) (var x) =⇒ tr (E x) E’

This is accomplished by the following clause:

tr (lam E) (lam’ E’)

(∀x. var x tr (E x) E’).

The inner forces the variable to be added to the top of the stack (the right side of

the ordered context4). Here is the compiled version of the clause:

(tr (lam e) E’.= tr (lam E) (lam’ E’)) • (∀x. var x tr (E x) E’) 1)

To translate a variable, which e must be if it is not an application or lambda,

we search through the stack, keeping track of how far we’ve gone, until we find the

variable. If the target variable is at the top of the stack (the rightmost var in the

context), which corresponds to the tr 1 rule, we have the following situation:

var x1 . . . (var xn) (var x) =⇒ tr x one

4This is an arbitrary choice. We could rewrite the whole program to use the left side of the

context as the top. However this would require changing the program clauses that read variables off

the stack.

135

where we are done and can throw away the rest of the stack. This is accomplished

by:

tr E one

var E

>.For this clause to be successfully used, the var E must come from the top of the stack

(the right of the ordered context) since the > can only consume data to the left of

var E. This situation is identical to that of the rev program in Section 10.2. For

reference we show the compiled version of this clause:

(tr x one.= tr E one) • (var E (> 1))

We could alternatively write the previous program clause as:

tr E one

> var E.

Using this alternate formulation does not change the declarative meaning of the pro-

gram; furthermore, it does not really change the operational semantics in any essential

way. Consider the compiled version of the clause:

(tr x one.= tr E one) • (> • (var E • 1))

Upon using this clause, after the unifyingE and x, we arrive at the following situation:

var x1 . . .var xn\Ω −→τ v> • (var x • 1)

We first solve the subgoal >, which always succeeds. Operationally > simply passes

its input context to output, and sets the >-flags. We will then be in the following

situation:

var x1 . . .var xn\Ω −→v′ τ ′

var x • 1

where v′ and τ ′ have yet to be computed. At this point, the proof search proceeds

in the same manner as before, with the rightmost ordered hypothesis always being

successfully chosen. Furthermore, it is still the case that only the rightmost resource

can be successfully used. After the preceding sequent is solved, we know τ = 1τ ′ as

mandated by the •R rule. Thus the > can only consume formulas occurring to the

left of all in Ω.

136

Finally, if the target variable is not at the top of the stack, we must reduce

var x1, . . . , var xn, var x =⇒ tr y (shift E’)

to

var x1, . . . , var xn =⇒ tr y E’

which corresponds to the tr ↑ rule. We accomplish this by the following clause:

tr E (shift E’)

var F

tr E E’.

Finally, we note that the deBruijn translation program can also be used to trans-

late the other direction, from deBruijn terms to regular terms, by using a query of

the form tr E e′ where e′ is a deBruijn term.

10.4 Mini-ML Abstract Machine

Our next example shows how a continuation-based abstract machine for evaluating

Mini-ML can be directly encoded in Olli. The basic idea is to use the ordered context

as a stack of continuations to be evaluated. We assume a standard version of Mini-

ML constructed using higher-order abstract syntax [47]. Values are distinguished

from terms by an asterisk; so z is a term while z∗ is a value.

Expressions e ::= z | s e | lamx. e | e1 e2 |(case e1 of z⇒ e2| sx⇒ e3) | v

Values v ::= z∗ | s∗ v | lam∗x. e | x

We define the continuation machine as follows:

Instructions i ::= e | return v |(case1 v1 of z⇒ e2| sx⇒ e3) |app1v1e2 | app2v1v2

Continuations K ::= init | K;λx. i

Machine States s ::= K i | answer v

137

We use the following transition rules for machine states:

st init :: init return v → answer v

st return :: K;λx. i return v → K i[v/x]

st vl :: K v → K return v

st z :: K z → K returnz∗

st s :: K s e → K;λx. return(s∗ x) e

st case :: K case e1 of z⇒ e2| sx⇒ e3 →K;λx1. case1 x1 of z⇒ e2| sx⇒ e3 e1

st case1 z :: K case1 z∗ of z⇒ e2| sx⇒ e3 → K e2

st case1 s :: K case1 (s∗ v) of z⇒ e2| sx ⇒ e3 → K e3[v/x]

st lam :: K lamx. e → K return (lam∗x. e)

st app :: K e1 e2 → K;λx1. app1 x1 e2 e1

st app1 :: K app1 v1 e2 → K;λx2. app2 v1 x2 e2

st app2 :: K app2 (lam∗x. e) v2 → K e[v2/x]

We now show how the continuation machine can be written as an Olli program.

Rather than building an explicit stack-like structure to represent the continuation

K, we will simply store instructions in the ordered context. Thus we will use the

following representation to encode the machine:

K i pKq =⇒ piq

where pKq is the representation, described below, of the continuation (stack) K and

similarly for piq.

138

We use the following signature to encode the abstract machine as an Olli program:

z : exp.

s : exp→ exp.

case : exp→ exp→ (val→ exp)→ exp.

lam : (val→ exp)→ exp.

app : exp→ exp→ exp.

vl : exp→ val.

z∗ : val.

s∗ : val→ val.

lam∗ : (val→ exp)→ val.

eval : exp→ val→ o.

ev : exp→ o.

return : val→ o.

case1 : val→ exp→ (val→ exp)→ o.

appm1 : val→ exp→ o.

appm2 : val→ val→ o.

Given the goal: return V ev e, our program will evaluate the expression e and

instantiate V with the resulting value. The intended reading of this query is: evaluate

e with the identity continuation (the continuation which just returns its value). A

goal of ev e is intended to mean: evaluate e. A goal of return V is intended to mean:

pass V to the top continuation on the stack (i.e. the rightmost element in the ordered

context).

We could use term-level lambdas to represent abstractions over instructions, λx. i,

and explicitly encode the substitutions in the transition rules (in st return, st case1 s,

and st app2) as applications. However, we will instead make use of the left implica-

tion,, and let unification implicitly achieve the required substitutions. To do this,

we will represent λx. i as ∀V.return Vpiq where piq is the representation of the

instruction i. Thus the continuation (stack) built by an evaluation of (s (s z))

init;λx. return (s∗ x);λx. return (s∗ x)

is represented as the ordered context

(return V) (∀V. return V return (s∗ V)) (∀V. return V return (s∗ V))

We will then use subgoals of the form return v to explicitly pass a value to the top

continuation on the stack. With this encoding, we will not need to explcitly represent

139

the st init and st return transition rules. We have the following representations:

init return v return V =⇒ return v

where the logic variable V is the final answer;

K;λx. i return v pKq (∀V. return Vpiq) =⇒ return v

where the ordering constraints force the proof of return v to focus on the rightmost

ordered formula.

We now show the clauses of the program. We begin with a wrapper to put queries

into the correct form:eval E V

(return V ev E).

The rest of the program clauses directly mirror the machine transition rules:

ev (vl V)

return V.

ev z

return z∗.

ev (s E)

((∀V. return V return (s∗ V)) ev E).

ev (case E1 E2 E3)

((∀V. return V case1 V E2 E3) ev E1).

case1 z∗ E2 E3

ev E2.

case1 (s∗ V) E2 E3

ev (E3 V).

ev (lam E)

return (lam∗ E).

ev (app E1 E2)

((∀V1. return V1 app1 V1 E2) ev E1).

app1 V1 E2

(∀V2. return V2 app2 V1 V2) ev E2).

app2 (lam∗ E1’) V2

ev (E1’ V2).

140

The intended reading of the ev (s E) clause (the second program clause) is this:

to evaluate (s E) evaluate E under the continuation which takes its value, V, and

passes the value s∗ V to the next continuation on the stack. Note the use of nested inside . This forces the continuations put into the ordered context to be

evaluated in stack fashion. When the goal is return V the only choice of formula to

focus on will be the rightmost formula in the ordered context.

To better illustrate this point, consider the evaluation of (s (s z)). The initial

goal will be return V ev (s (s z)) after which return V will be immediately

added to the previously empty ordered context. Next the ev (s E) clause will be

chosen to focus on and will result in ∀V. return V return (s∗ V) being added to

the right end (because of ) of the ordered context. The new goal will be ev (s z)

and the previous step will be repeated. At this point, the goal will be ev z which will

cause the appropriate progam clause (the second in the preceding program listing) to

be focused on and give rise to a new goal of return z∗.

The ordered context now consists of:

(return V) (∀V. return V return (s∗ V)) (∀V. return V return (s∗ V)).

Since there is no program clause whose head matches the goal, one of the clauses

in the ordered context must be focused on. Although all the ordered clauses match

the goal, only the rightmost one can be successfully chosen. The leftmost clause

obviously cannot work since it is atomic and the other clauses are also in the ordered

context. The middle clause also does not work because the requires that the body

of the clause be solved with resources to the left of the clause which would prevent

the rightmost clause from being consumed.

10.5 Mergesort

Our next example, a merge sort, shows how the ordered context can be used as a

queue. The merge sort algorithm takes an input list, breaks it up into singleton lists

and merges pairs of adjacent lists into larger sorted lists. This process repeats until

one sorted list is left. The algorithm can be implemented with a queue. After the

initial setup– enqueing the singleton lists– we can repeatedly dequeue two lists and

enqueue their merge until only one list is in the queue.

141

We use the following predicates:

mergeSort : list int→ list int→ o.

msort : list int→ o.

srt : list int→ o.

where mergeSort is the main program, whose first argument is the input list and

whose second argument is the output; msort is a helper predicate which does the

actual work; and srt is a wrapper which allows lists to be stored in the ordered

context (the queue).

The computation proceeds in two phases. Assuming an input list x1:: · · · ::xn::nilwe want to reduce solving

· =⇒ mergeSort(x1:: · · · ::xn::nil) L

to solving

srt(x1 :: nil) . . . srt(xn :: nil) =⇒ msort L

We achieve this with the two clauses

mergeSort (H::T) L

(srt (H::nil) mergeSort T L).

mergeSort nil L msort L.

In the first clause, the embedded causes the new srt hypothesis to be added to

the right of all the other ordered hypotheses (the top of our queue).

In the second phase we assume a general situation of the form

(srt ln) . . . (srt l2)(srt l1) =⇒ msort L

where the li are already sorted and L is still to be computed. Starting from the right,

we merge l1 and l2 and add the result to the left end of the ordered context, in effect

using it as a work queue. The resulting situation will be

(srt l12)(srt ln) . . . (srt l4)(srt l3) =⇒ msort L

which is then treated the same way, merging l3 and l4. We finish when there is only

one element srtk in the ordered context and unify L with k. This is expressed by

142

the following two clauses.

msort L

srt L1

srt L2

← merge L1 L2 L12

(srt L12 msort L).

msort L srt L.

In the first clause, similar to the previous example, the three require that the two

srt hypotheses be taken from the right of the ordered clauses used to solve the rest

of the body. The unrestricted implication, ←, is used for the call to merge since the

merge operation does not make use of the ordered (or linear) context. The embedded

causes the new srt clause to be inserted at the left end of the ordered consequences

available to the recursive computation of msort. Since all ordered assumptions must

be used, the final clause above can succeed only if the complete list has indeed been

sorted, that is, there is only one ordered hypothesis srt l.

The standard Prolog-style merge predicate which, given two sorted lists l1 and l2,

returns a sorted merge l12 is as follows

merge (H1::T1) (H2::T2) (H2::T3)

← H1 > H2

← merge (H1::T1) T2 T3.

merge (H1::T1) (H2::T2) (H1::T3)

← H1 =< H2

← merge T1 (H2::T2) T3.

merge L nil L.

merge nil L L.

If we change the first msort clause to assume L12 on the right, by writing (srt L12msort L) instead of (srt L12 msort L), then we obtain an insertion sort because

after one step we arrive at

(srt ln) . . . (srt l3)(srt l12)

which will next merge l3 into l12, etc.

143

10.6 Breadth-First Tree Numbering

Our next example also employs the ordered context as a queue. We show a program

for computing the breadth-first numbering of a given tree. Given a tree as input,

this program will compute a tree with the same structure whose nodes are labeled

with integers corresponding to their order in a breadth-first traversal. This example

directly encodes the algorithm proposed by Okasaki in [41].

The program essentially executes a breadth-first traversal of the given tree by

using the ordered context as a work queue. The right end of the context will be the

top of the queue; thus we will always use to enqueue data. The root of the tree at

the top of the work queue is always the next node to visit in the traversal. Thus, upon

dequeing a tree, we enqueue its children and continue on. We build up the answer tree

while “traversing” the input tree. This aspect of the computation requires the use of

a double queue in the (eager) functional setting. However, we may entirely sidestep

this issue with Olli by using logic variables to implicitly reconstruct our answer tree.

We assume the following tree constructors

node : α→ tree α→ tree α→ tree α. empty : tree α.

for a parameterized type tree.

We make use of the following predicates in our program:

nd : (treeα)→ (tree int)→ o.

bf num : (treeα)→ (tree int)→ o.

bf : int→ o.

where int is the type of Peano numbers with the usual constructors z and s. nd stores

an input (sub)tree and the equivalent breadth-first numbered (sub)tree. bf num is our

main predicate and bf is a helper predicate which simply cycles through the work

queue implicitly represented by the ordered context.

We begin by enqueuing the whole tree and setting the counter to 0.

bf num T T’

(nd T T’ bf z).

We will now be in the following (generalized) situation:

(nd t1 T1) . . . (nd tm Tn) =⇒ bf n

144

If the queue is empty, we are done.

bf N.

No further computation is required since unification will have already reconstructed

the complete answer tree. Note that this clause will only succeed if the ordered

context is empty.

If there is an empty tree at the top of the queue

(nd t1 T1) . . . (nd empty T’) =⇒ bf n

then we just ignore it since there are no leaves to include in the breadth-first num-

bering.

bf N

nd empty empty

bf N.

Note that this clause, like similar clauses in the previous examples, can only succeed

when the first subgoal matches the rightmost ordered clause.

If there is a non-empty tree at the top of the queue

(nd t1 T1) . . . (nd (node v tl tr) T’) =⇒ bf n

mark the answer subtree’s root node with the current node number (accomplished by

unification), enqueue the two children and continue on with the current node number

incremented.bf N

nd (node L R) (node N L’ R’)

(nd L L’ nd R R’ bf (s N)).

Note that the two children must be enqueued in the order written above to achieve

the correct ordering

(nd tr R’)(nd tl L’)(nd t1 T1) . . . =⇒ bf (s n)

10.7 Breadth-First Search Graph Numbering

Our next example continues the theme of breadth-first search. However, we will

now show a more involved program which computes the shortest distance from a

145

given start node to every other node in a graph (assuming equal length edges). This

example will make use of all three contexts.

This program will be given a graph5 and a start node as input. It will return a list

of distances from the start node to each other graph node. The computation proceeds

by executing a breadth-first traversal of the graph during which each node is marked

with the its distance from the start node. The shortest distance is guaranteed since

the traversal is breadth-first.

This program will assume graphs are lists of nodes with their associated edge lists.

We make the following type definition:

graph α ≡ (list (α× (list α)))

Thus we have the following representation:

d e

b c

a

/

SSSw

? ?

≡ [ <a,[b,c]>, <b,[d]>, <c,[e]>, <d,[]>, <e,[d]> ]

and the result of running our program on this graph with a given

as the start node would be:

[ <a,0>, <b,1>, <c,1>, <d,2>, <e,2> ]

We will use the following predicates for our program (where opt is the standard

parametrized option type):

bfs main : (graph α)→ α→ (list (α × (opt int)))→ o.

bfs : (graph α)→ α→ o.

bfs’ : α→ int→ o.

bfs’’ : (list α)→ int→ o.

finish : (graph α)→ (list (α× (optint)))→ o.

nodes : (graph α)→ (list (α× (optint)))→ o.

node : (α × (list α))→ o.

used : (α × int)→ o.

next : (α × int)→ o.

5We assume that each node is uniquely labelled in the graph.

146

where the arguments to bfs main are the input graph, start node and result list

respectively; bfs, bfs’ and bfs’’ are helper predicates; finish is a predicate to

package up the results of the computation into the output list; and the final four

predicates allow various terms to be stored in the various contexts.

The program begins by placing a copy of the entire input graph into the context

for later use. We will need this at the end of the computation to gracefully deal with

disconnected graphs.

bfs main G S R

← (nodes G R→ bfs G S).

After storing away a copy of the input graph, we begin by placing each node of

the graph, with its edge list, into the linear context. When done placing the entire

graph into the linear context, we call bfs’ to begin the traversal at the specified start

node, S, with current distance 0.

bfs (N::G) S

− (node N− bfs G S).

bfs nil S

− bfs’ S z.

We are now ready to begin the breadth-first traversal, each step of which is broken

into two stages. In the first stage, we will be in the following situation:

Γ(nodes g R) ; ∆ ; (next <v1, d1>) . . . (next <vn, dn>) =⇒ bfs’ v d

where Γ contains the program clauses, g is the original input graph, ∆ contains either

node <vi, ei> or used <vi, d′i> for each node label vi in g, and v = vi for some i.

First we take the node we are going to start with, v, out of the linear context. We

then mark v as used, also recording the current distance, and pass v’s edge list to the

second stage of the search process. If v was already encountered earlier in the search,

we continue to the second stage without passing it’s edge list.

bfs’ V D

− node <V,E>

(used <V,D>− bfs’’ E D).

bfs’ V D

− used <V,D’>

(used <V,D’>− bfs’’ nil D).

147

At the beginning of the second stage, we will be in the following situation:

Γ(nodes g R) ; ∆ ; (next <v1, d1>) . . . (next <vn, dn>) =⇒ bfs’’ e d

We now add new edges to the work queue and then pick a node off the top of the

queue to continue the search from (return to the first stage with). If there are no

nodes left in the queue, the computation is finished and we just need to package up

the results. We accomplish this by passing our copy of the input graph and the final

result list to finish.

bfs’’ (V::Vs) D

(next <V,D> bfs’’ Vs D).

bfs’’ nil D

next <V,D’>

bfs’ V (s D’).

bfs’’ nil D

← nodes G R

− finish G R.

Once the computation is finished, the ordered context will be empty and the linear

context will contain each node’s distance from start node (if the node was reachable).

Γ(nodes g R) ; ∆ ; · =⇒ finish g R

The program finishes by placing all of the graph nodes and their distances into the

output list. Unreachable nodes, left in the context from the initialization process, will

be marked with none.

finish nil nil.

finish (<V,E>::G) (<V,some D>::R)

− used <V,D>

− finish G R.

finish (<V,E>::G) (<V,none>::R)

− node <V,E>

− finish G R.

10.8 Parsing

The following example is a fragment of a parsing program from [50]. This exam-

ple shows how Olli can be used to directly parse grammatical constructions with

148

unbounded dependencies such as relative clauses.

1 : snt vp np.

2 : vp np tv.

3 : rel whom (np− snt).

4 : np jill.

5 : tv married.

We may intuitively read the formulas in the following manner: snt vp np

states that a sentence is a verb phrase to the right of a noun phrase. We can use

these formulas to parse a phrase by putting each word of the sentence into the ordered

context and trying to derive the atomic formula corresponding to the phrase type.

This method of parsing was used by Lambek in his paper introducing the Lambek

calculus [32].

We may interpret clause 3 as: a relative clause is whom to the left of a sentence

missing a noun phrase. As explained in [26] this is a standard interpretation of relative

clauses. By putting a np into the linear context, the sentence after whom will only be

successfully parsed if it is indeed missing a noun phrase.

We now show a trace of the above formulas parsing a relative clause, showing at

each step the resource sequent (including the current goal), the pending goals, and

the the rule applied. The unrestricted context containing the above program is left

implicit.

Action Active hypotheses and goal Goals pending

· ; whom jill married−→ rel none

reduce by 3 · ; whom jill married−→ whom np− sntsolved, restore pending goal · ; jill married−→ np− snt none

assume np ; jill married−→ snt none

reduce by 1 np ; jill married−→ vp np

reduce by 2 np ; jill married−→ np tv , np

solved, restore pending goal · ; jill married−→ tv np

reduce by 5 · ; jill married−→ married np

solved, restore pending goal · ; jill −→ np none

reduce by 4 · ; jill −→ jill none

solved

Using the linear context in manner described above has some limitations which

149

should be pointed out. The correct parsing of dependent clauses typically constrains

where the relative pronoun may fill in for a missing noun phrase. Most relative

clauses, rather than being sentences missing noun phrases are really sentences whose

verb phrase is missing a noun phrase.

If we changed the relative clause to be whom married jill we would not have

a grammatically correct relative noun. However the parser given above will be able

to parse the modified phrase since the location of the missing noun phrase is not

constrained. There are a variety of simple ways to fix this problem for the small

parser given above. For instance, we could define a new type of sentence in which the

verb phrase is missing a noun phrase. This basically amounts to using gap-locator

rules as described in [42] [26].

The parsers given in [26], which logically handle some constraints on the place-

ment of dependencies, are constructed quite differently from the Olli parser we have

presented. Rather than placing the input to be parsed into the context, they pass

it around as a list. They do however use the linear context to store fillers— empty

noun phrase predicates which can be used when an actual noun phrase is missing in

the sentence— in the same manner as the above parser does. We point out that all

of the (pure) Lolli parsers are also valid Olli programs since (pure) Lolli is a subset

of Olli.

In fact with this threaded style of parser, Olli is able to correctly handle at least

one natural language phenomenom which could not be done in pure Lolli. When a

relative clause occurs inside a relative clause, correct parses of the sentence should

associate the inner relative pronoun with the first missing noun phrase in the clause

and the second with the second. In other words, dependencies should not cross inside

a nested relative clause. Consider the phrase: the book that the man whom

Jane likes GAP wrote GAP where GAP denotes a missing noun phrase. The

first GAP should correspond to the man and not to the book.

Since the Lolli parser (as well as the Olli parser given above) introduces fillers into

the linear context, there is no way to force the parser to use one or the other of two

suitable fillers. Thus the Lolli parser would parse the preceding sentence in two ways,

only one of which would be correct. Hodas’ solution was to rely on a non-logical

control construct and the operational semantics of Lolli to prevent the bad parse.

One can easily see (as Hodas remarked) that such a situation can be directly handled

in Olli by putting the fillers into the ordered context.

150

Chapter 11

Eager Failure

While the >-flags derivation system of chapter 9 provides a reasonably efficient proof

search procedure for Olli, it does not take full advantage of the ordering constraints

to fail as soon as possible. Since the Olli’s operational semantics specify a depth first

search, it is advantageous to fail as early as possible in order to minimize program

execution time. A >-flags derivation can only fail when an atom does not match the

head of the focus formula in the init rule, or when an ordered, or linear, hypothesis

is not consumed. This second condition is only tested after the output context of the

R,R, and −R rules are computed. However, by adding a little bit of information

to the sequents, it is possible to eagerly detect such a failure much earlier during proof

search.

In [10], Cervesato et al. introduced RM3, a derivation system for Lolli which

better utilized the linearity constraints and failed earlier than previous systems. Lopez

and Pimentel then refined this approach in [33], taking advantage of the operational

semantics of derivation search, and produced an equivalent system, the frame system,

better suited to implementation than RM3. In this chapter, we extend Lopez and

Pimentel’s approach to OLL and produce a derivation system which fails much sooner

than the >-flags system.

11.1 Failing Earlier in Linear Logic

In order to fail earlier, we keep track of which parts of the linear context must be

consumed and which parts need not be consumed in a derivation. Then, at the end of

151

a derivation branch (in the init rule), we require that the whole linear context need

not be consumed. For this reason we will call our new derivation system strict– we do

not allow hypotheses into output contexts if we know they will never be consumed.

We determine a formula will never be consumed if there is no possibility of it being

passed into a future derivation branch (assuming bottom-up, left-to-right derivation

construction).

Consider the following example of a failed derivation (for a purely linear system):

initP1P2\P1P2 −→ P P

initP2\P2 −→ P1 P1

choice∆P1P2\P2 −→ P1 −L

P1P2\P2 −→ P1 − P Pchoice∆

P1P2(P1 − P )\P2 −→ P−R

P1P2\P2 −→ (P1 − P ) − P−R

P1\failure −→ P2 − (P1 − P )− P−R

· \− −→ P1 − P2 − (P1 − P )− P

This derivation fails because of the unused hypothesis P2. As written, the failure is

not detected until the output of the −R rule is checked. However, it is possible to

tell that the derivation must fail at the P2\P2 −→ P1 P1 sequent, the rightmost

leaf of the tree. At that point, all the proof branches have been completed, yet there

is still an unused hypothesis. Therefore the proof must fail since this hypothesis will

never be consumed.

To fail earlier, we must simply collect enough information to let the init rules

determine whether there are any pending branches in the search tree into which

the ordered and linear hypotheses will be passed. The RM3 system achieves this

by maintaining separate contexts to distinguish hypotheses which will get passed on

from those which will not. The frame system achieves the same end without separate

contexts by taking advantage of the fact that hypotheses are always added to the

right side of the linear context. Thus the linear context forms a stack-like structure

where the top stack frame contains the strict formulas, i.e., the ones which will not

be passed on.

Rather than forming explicit stacks, one may achieve the same result as the frame

system by allowing a special symbol in the context which essentially starts a new

stack frame. We will use the symbol / and call it a frame pointer. A strict derivation

152

system1, for linear logic, using frame pointers can be characterized by the following

inference rules:

δ(·) δ(∆/)

δ(∆)

δ(∆)

δ(∆)init

∆\∆ −→ P P

∆I / \∆M/ −→ D P ∆M\∆O −→ G−L

∆I\∆O −→ G−D P

∆I\∆O −→ D P ·\· −→ G→L

∆I\∆O −→ G−D P

where all the other inference rules are unchanged. The check in the init rule causes

eager failures. The new frame pointer is added in the −L rule because all linear

hypotheses in the output of the first premise will be passed into the second premise.

However, in the →L rule we do not add a frame pointer because no linear hypotheses

will be passed into the second premise.

We rewrite the previous example, using frame pointers as follows:

δ(P1P2/)init

P1P2 / \P1P2/ −→ P P

failureinit

P2\− −→ P1 P1choice∆

P1P2\− −→ P1 −LP1P2\− −→ P1 − P P

choice∆P1P2(P1 − P )\− −→ P

−RP1P2\− −→ (P1 − P )− P

−RP1\− −→ P2 − (P1 − P ) − P

−R· \− −→ P1 − P2 − (P1 − P ) − P

where the proof search fails in the init rule since δ(P2) does not hold.

1We ignore the lazy treatment of > which is an orthogonal issue.

153

11.2 Extension to Ordered Contexts

Although the frame pointer machinery works well for linear contexts, it is not directly

applicable to ordered contexts. There are two basic differences between linear and

ordered contexts which stand in our way. Firstly, formulas are added to both sides of

the ordered context, unlike the linear context in which formulas are always added on

one side. Secondly, the ordered context is split between premises in the multiplicative

rules, this stands in contrast to the linear context which is never syntactically split

apart.

The main idea behind the extension of frames to ordered contexts is simply to

add another type of frame pointer, ., which points to the right. The ability to start

a frame from either end of the context is exactly what is needed for dealing with the

deterministic ordered context splitting in our resource management system (and its

extension by >-flags). To see this more clearly, consider the left rules for the ordered

implications (ignoring the unrestricted and linear contexts, and ignoring >-flags).

ΩLI\ΩLO; ΩRI\ΩGIΩRO −→ D P ΩGI\ΩGO −→ G

ΩLI\ΩLO; ΩRI\ΩGOΩRO −→ GD P


In the rule for , only the formulas (ΩGI) on the left-hand side of the right output

context will get passed into the pending proof branch for G.

However, in the rule for ΩLI\ΩLOΩGI ; ΩRI\ΩRO −→ D P ΩGI\ΩGO −→ G

ΩLI\ΩLOΩGO ; ΩRI\ΩRO −→ GD P


only formulas on the right-hand side of the left output context (ΩGI) get passed on.

Thus we need the ability to start frames on the left-hand side of the ordered context

to correctly deal with , and on the right-hand side to deal with .

Following this reasoning, we will end up with rules of the form:

(ΩL = .Ω or ΩL = Ω/ or ΩL = ·) and (ΩR = .Ω′ or ΩR = Ω′/ or ΩR = ·)ΩL\ΩL; ΩR\ΩR −→ P P

ΩLI / \ΩLOΩGI/; ΩRI\ΩRO −→ D P ΩGI\ΩGO −→ G



154

ΩLI\ΩLOΩGI ; .ΩRI\ .ΩRO −→ D P ΩGI\ΩGO −→ G


( 6∈ ΩGI and (ΩRO = or ·))The frame pointers are simply stating that some the portions of the ordered context

will get passed on to some pending proof branch. That is why the init rule will accept

a context as long as there is at least one pointer on the whole context. When we add

a / to the left context in the rule for , we are stating that the rightmost portion,

which does not contain , of the left output context will be passed on to the proof

branch for G.

The last detail to consider is that formulas are added on both the left and right

side of the context. The system outlined above does not fully account for this as

shown by the following example:

initD / /\D / /; ·\· −→ C C

init· \·;BD / \BD/ −→ A A

choiceΩABD / \BD/ −→ A

RBD / \BD/ −→ A A

RD / \failure −→ BAA

LD / \−; ·\− −→ (BAA)C C not done

LD\−; ·\− −→ D (BAA)C C

choiceΩD(D (B A A) C)\− −→ C

The failure does not occur until the R rule explicitly checks that the B was con-

sumed. We can allow the the failure occur in the init rule by constraining the scope

of the frame pointer to not include hypotheses added to the context after the frame

pointer. We will achieve this scoping by tagging hypotheses and frame pointers with

an integer, or “level”, and carrying around the current level on the sequent arrow.

We make the following definition:

Ω = maxn|Dn ∈ Ω

and define the following relation which plays a similar role for ordered contexts as δ

plays for linear contexts:

o(·)

Ω ≤ m

o(m.Ω)

Ω ≤ m

o(Ωm/)

155

With the above considerations and definitions, our rules take the following form:

o(ΩL) o(ΩR)

ΩL\ΩL; ΩR\ΩRn−→ P P

ΩLIn/ \ΩLOΩGI

n/; ΩRI\ΩRO

n−→ D P ΩGI\ΩGOn+1−→ G

ΩLI\ΩLOΩGO ; ΩRI\ΩROn−→ GD P


ΩLI\ΩLOΩGI ;n.ΩRI\

n.ΩRO

n−→ D P ΩGI\ΩGOn+1−→ G

ΩLI\ΩLOΩGO ; ΩRI\ΩROn−→ GD P


ΩIDn\ΩO n−→ G

R

ΩI\ΩOn−→ DG

DnΩI\ΩOn−→ G

R

ΩI\ΩOn−→ DG

Note that the derivation rules maintain the following invariant. Every unconsumed

portion of an output context will be flanked by a frame pointer, whose tag is at least

as big as all the formula tags in the portion, explicitly denoting that the portion will

be passed into a pending proof branch. This invariant will also hold for the full strict

derivation system presented in Section 11.3.

11.3 Strict Derivation System

This section presents the complete strict derivation system which extends the >-flags

system of Chapter 9.

As usual we will have two types of sequents

Γ; ∆I\∆O; ΩI\ΩOn−→v τ

G

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO)n−→

v (τL ; τR)D P

where n is a natural number; input contexts, ΩxI , are lists of tagged clause formulas,

Gn, and pointers,n/ and

n.; and output contexts, ΩxO, are lists of tagged clause

formulas, placeholders and pointers; Γ, ∆x and τx are unchanged from the >-flags

system.

156

Before showing the strict inference rules, we need to extend all of the machinery

used in >-fags derivations to work on strict contexts. We begin by extending w to

work on strict linear and ordered contexts:

· w ·Ψ w Ψ′

ΨDm w Ψ′Dm

Ψ w Ψ′

ΨDm w Ψ′

Ψ w Ψ′

Ψn/ w Ψ′

n/

Ψ w Ψ′

Ψn. w Ψ′

n.

Ψ w Ψ′

Ψ/ w Ψ′/

We next consider mrg for strict ordered contexts:

mrg(·, τ1, ·, τ2, ·, τ1 ∗ τ2)

mrg(Ω1, τ1,Ω2, τ2,Ω, τ )

mrg(DmΩ1, τ1, DmΩ2, τ2, D

mΩ, τ )

mrg(Ω1, 1τ1,Ω2, τ2,Ω, τ )(0 6∈ τ ′2)

mrg(DmΩ1, 1τ1,Ω2, τ′20τ2,Ω, τ ′20τ )

mrg(Ω1, τ1,Ω2, 1τ2,Ω, τ )(0 6∈ τ ′1)

mrg(Ω1, τ′10τ1, D

mΩ2, 1τ2,Ω, τ ′10τ )

mrg(Ω1, τ1,Ω2, τ2,Ω, τ )(0 6∈ τ ′i)

mrg(Ω1, τ′10τ1,Ω2, τ

′20τ2,Ω, (τ ′1 ∗ τ ′2)0τ )

mrg(Ω1, τ1,Ω2, τ2,Ω, τ )

mrg(n.Ω1, τ1,

n.Ω2, τ2,

n.Ω, τ )

mrg(Ω1, τ1,Ω2, τ2,Ω, τ )

mrg(n/Ω1, τ1,

n/Ω2, τ2,

n/Ω, τ )

Finally we extend mrgL to strict linear contexts.

mrgL(·, v1, ·, v2, ·, v1 ∧ v2)

mrgL(∆1, v1,∆2, v2,∆, v)

mrgL(/∆1, v1, /∆2, v2, /∆, v)

mrgL(∆1, v1,∆2, v2,∆, v)

mrgL(D∆1, v1, D∆2, v2, D∆, v)

mrgL(∆1, v1,∆2, v2,∆, v)

mrgL(∆1, v1,∆2, v2,∆, v)

mrgL(∆1, T,∆2, v2,∆, v)

mrgL(D∆1, T,∆2, v2,∆, v)

mrgL(∆1, v1,∆2, T,∆, v)

mrgL(∆1, v1, D∆2, T,∆, v)

We state the following lemma which we will use in the proof of Lemma 42.

157

Lemma 36 mrgL(∆1, v1,∆2, v2,∆, v) and δ(∆1) and δ(∆2) implies δ(∆).


We may now write the inference rules for strict derivations:

δ(∆) o(Ω) .=R

Γ; ∆\∆; Ω\Ω n−→F ·

P.= P

δ(∆) o(Ω) Γ; ·\·; ·\· n−→v τ

G

!RΓ; ∆\∆; Ω\Ω n−→

F ·!G

o(Ω) Γ; ∆I\∆O; ·\· n−→v τ

G¡R

Γ; ∆I\∆O; Ω\Ω n−→v ·

!G

ΓD; ∆I\∆O; ΩI\ΩOn−→v τ

G→R


D→G

Γ; ∆ID\∆O; ΩI\ΩOn−→F τ

G

−RFΓ; ∆I\∆O; ΩI\ΩO

n−→F τ

D→G

Γ; ∆ID\∆OX ; ΩI\ΩOn−→T τ

G

−RTΓ; ∆I\∆O; ΩI\ΩO

n−→T τ

D→G

(X = or X = D)

Γ; ∆I\∆O; ΩIDn\ΩO n−→

v τ0τ ′G

R0 (0 6∈ τ ′)Γ; ∆I\∆O; ΩI\ΩO

n−→v τ

DG

Γ; ∆I\∆O; ΩIDn\ΩOD

n n−→v τ1

G

R1

Γ; ∆I\∆O; ΩI\ΩOn−→

v τ1DG

Γ; ∆I\∆O;DnΩI\ΩOn−→

v τ ′0τG

R0 (0 6∈ τ ′)Γ; ∆I\∆O; ΩI\ΩO

n−→v τ

DG

Γ; ∆I\∆O;DnΩI\DnΩOn−→

v 1τG

R1

Γ; ∆I\∆O; ΩI\ΩOn−→

v 1τDG

158

Γ; ∆I / \∆M/; ΩIn/ \ΩLΩ2

n/

(n+1)−→v1 τL

G1 Γ; ∆M\∆O; Ω2\ΩR(n+1)−→v2 τR

G2

•R0

Γ; ∆I\∆O; ΩI\ΩLΩRn−→

(v1∨v2) (τL+τR)G1 •G2

( 6∈ Ω2 and (ΩL = or ·) and τL 6= τ1)

Γ; ∆I / \∆M/; ΩIn/ \ΩLΩ2

n/

(n+1)−→v1 τL1

G1 Γ; ∆M\∆O;n.Ω2\

n. ΩR

(n+1)−→v2 τR

G2

•R1


(v1∨v2) (τL+τR)G1 •G2

( 6∈ Ω2 and (ΩL = or ·))

Γ; ∆I / \∆M/;n.ΩI\

n. Ω2ΩR

(n+1)−→v1 τR

G1 Γ; ∆M\∆O; Ω2\ΩL(n+1)−→v2 τL

G2

R0


(v1∨v2) (τL+τR)G1 G2

( 6∈ Ω2 and (ΩR = or ·) and τR 6= 1τ)

Γ; ∆I / \∆M/;n.ΩI\

n. Ω2ΩR

(n+1)−→v1 1τR

G1 Γ; ∆M\∆O; Ω2n/ \ΩL

n/

(n+1)−→v2 τL

G2

R1


(v1∨v2) (τL+1τR)G1 G2

( 6∈ Ω2 and (ΩR = or ·))

δ(∆) o(Ω)1R

Γ; ∆\∆; Ω\Ω n−→F ·

1>R

Γ; ∆\∆; Ω\Ω n−→T 1

>

Γ; ∆I\∆1; ΩI\Ω1n−→

v1 τ1G1 Γ; ∆I\∆2; ΩI\Ω2

n−→v2 τ2

G2

mrg(Ω1, τ1,Ω2, τ2,ΩO, τ)

mrgL(∆1, v1,∆2, v2,∆O, v)

&R


G1 &G2


G1

⊕R1


G1 ⊕G2


G2

⊕R2


G1 ⊕G2

159

1;D P \ G ΓLDGR; ∆I\∆O; ΩI\ΩOn−→v τ

G

choiceΓ

ΓLDΓR; ∆I\∆O; ΩI\ΩOn−→v τ

P

1;D P \ G Γ; ∆LI∆RI\∆O; ΩI\ΩOn−→v τ

G

choice∆

Γ; ∆LID∆RI\∆O; ΩI\ΩOn−→v τ

P


v (τL ; τR)D P

choiceΩ

Γ; ∆I\∆O; ΩLIDmΩRI\ΩLOΩRO

n−→v τL0τR

P

δ(∆) o(ΩL) o(ΩR)init

Γ; ∆\∆; (ΩL\ΩL ; ΩR\ΩR)n−→

F (· ; ·)P P


v (τL ; τR)D1 P

&L1




v (τL ; τR)D2 P

&L2




v (τL ; τR)D P Γ; ·\·; ·\· n−→

v′ τ ′G

→L


v (τL ; τR)G→D P

Γ; ∆I / \∆M/; (ΩLI\ΩLO ; ΩRI\ΩRO)n−→

v1 (τL ; τR)D P Γ; ∆M\∆O; ·\· n−→

v2 τG

−LΓ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO)

n−→(v1∨v2) (τL ; τR)

G−D P

160

Γ; ∆I / \∆M/; (ΩLI\ΩLO ;n.ΩRI\

n.ΩGIΩRO)

n−→v1 (τL ; τR)

D P

Γ; ∆M\∆O; ΩGI\ΩGO(n+1)−→v2 τ

G

L0

Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩGOΩRO)n−→


( 6∈ ΩGI and (ΩRO = or ·) and τR 6= 1τ)

Γ; ∆I / \∆M/; (ΩLI\ΩLO ;n.ΩRI\

n. ΩGIΩRO)

n−→v1 (τL ; 1τR)

D P

Γ; ∆M\∆O; ΩGIn/ \ΩGO

n/

(n+1)−→v2 τ

G

L1


(v1∨v2) (τL ; τ+1τR)GD P


Γ; ∆I / \∆M/; (ΩLIn/ \ΩLOΩGI

n/ ; ΩRI\ΩRO)

n−→v1 (τL ; τR)

D P

Γ; ∆M\∆O; ΩGI\ΩGO(n+1)−→v2 τ

G

L0


(v1∨v2) (τL+τ ; τR)GD P

( 6∈ ΩGI and (ΩLO = or ·) and τL 6= τ1)

Γ; ∆I / \∆M/; (ΩLIn/ \ΩLOΩGI

n/ ; ΩRI\ΩRO)

n−→v1 (τL1 ; τR)

D P

Γ; ∆M\∆O;n.ΩGI\

n. ΩGO

(n+1)−→v2 τ

G

L1


(v1∨v2) (τL1+τ ; τR)GD P


11.4 Correctness of Strict Derivations

Proving the soundness of strict derivations wrt >-flags derivations is trivial since each

strict derivation, when stripped of tags and pointers, is a >-flags derivation.

161

Theorem 37

1. Γ; ∆I\∆O; ΩI\ΩOn−→v τ

G implies ∃∆′I ,∆′O,Ω′I ,Ω′O.Γ; ∆′I\∆′O; Ω′I\Ω′O −→

v τG

2. Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO)n−→

v (τL ; τR)D P implies

∃∆′I,∆′O,Ω′LI ,Ω′LO,Ω′RI,Ω′RO.Γ; ∆′I\∆′O; (Ω′LI\Ω′LO ; Ω′RI\Ω′RO) −→

v (τL ; τR)D P

Proof: Structural induction on given derivation.

In order to prove the other direction, we introduce some machinery to relate >-

flags contexts to strict contexts.

We start with Θ which relates a >-flags context, not containing , to a strict

context.

Θn(·, ·)

Θn(Ω,Ω′)(m ≤ n)

Θn(Ω,m.Ω′)


Θn(Ω,m/Ω′)


Θn(DΩ, DmΩ′)

We will make use of the following properties of Θ.

Lemma 38

1. Θn(ΩLΩR,Ω′) implies

∃Ω′L,Ω′R. Ω′LΩ′R = Ω′ and Θn(ΩL,Ω′L) and Θn(ΩR,Ω′R).

2. Θn(ΩL,Ω′L) and Θn(ΩR,Ω

′R) implies Θn(ΩLΩR,Ω

′LΩ′R).

3. Θn(Ω,Ω′LΩ′R) and m ≤ n implies Θn(Ω,Ω′Lm. Ω′R) and Θn(Ω,Ω′L

m/ Ω′R).

4. Θm(Ω,Ω′) and m ≤ n implies Θn(Ω,Ω′) .

5. Θn(Ω,Ω′) implies Ω′ ≤ n.


162

We now relate >-flags input/output context pairs to strict input/output context

pairs.

Ξn(·\·, ·\·)Ξn(Ω\Ω,Ω′\Ω′) Ξn(ΩI\ΩO,Ω′I\Ω′O)

Ξn(ΩDΩI\ΩΩO,Ω′DmΩ′I\Ω′Ω′O)

( 6∈ Ω,m ≤ n)

Θm(Ω,Ω′)

Ξn(Ω\Ω,Ω′ m/ \Ω′m/)

( 6∈ Ω,m ≤ n)

Θm(Ω,Ω′)

Ξn(Ω\Ω,m.Ω′\ m. Ω′)

( 6∈ Ω,m ≤ n)

Since we will only translate successful >-flags derivations to strict derivations, we

must ensure that the translated output contexts satisfy the invariant on strictness

derivations stated at the end of Section 11.2.

We make use of the following properties of Ξ.

Lemma 39

1. Ξn(Ω\Ω,Ω′I\Ω′O) implies Ω′I = Ω′O.

2. Ξn(ΩI\ΩO,Ω′I\Ω′O) implies Θn(ΩI ,Ω′I).

3. Ξn(ΩLIDΩRI\ΩLOΩRO,Ω′I\Ω′O) and ΩLI w ΩLO and m ≤ n

implies ∃Ω′LI ,Ω′RI ,Ω′LO,Ω′RO.Ω′I = Ω′LID

mΩ′RI and Ω′O = Ω′LOΩ′RO and

Ξn(ΩLI\ΩLO,Ω′LI\Ω′LO) and Ξn(ΩRI\ΩRO,Ω′RI\Ω′RO).

4. Ξn(ΩLI\ΩLO,Ω′LI\Ω′LO) and Ξn(ΩRI\ΩRO,Ω′RI\Ω′RO) and m ≤ n implies

Ξn(ΩLIDΩRI\ΩLOΩRO,Ω′LIDmΩ′RI\Ω′LOΩ′RO).

5. Ξn(ΩI\ΩO,Ω′LIΩ

′RI\Ω′LOΩ′RO) implies

Ξn(ΩI\ΩO,Ω′LIn. ΩRI\Ω′LO

n.Ω′RO) and Ξn(ΩI\ΩO,Ω′LI

n. ΩRI\Ω′LO

n/Ω′RO).

6. Ξm(ΩI\ΩO,Ω′I\Ω′O) and m ≤ n implies Ξn(ΩI\ΩO,Ω′I\Ω′O).

7. Ξn(ΩI\ΩO,Ω′I\Ω′O) implies Ω′I ≤ n and Ω′O ≤ n.

Proof: By induction on the given derivation with appeals to Lemma 38.

For part 4, induct on the derivation for Ξn(ΩLI\ΩLO,Ω′LI\Ω′LO) and consider cases

for Ξn(ΩRI\ΩRO,Ω′RI\Ω′RO).

163

We now turn our attention to linear contexts.

ε(·\·, ·\·)ε(∆I\∆O,∆′I\∆′O)

ε(∆I\∆O, /∆′I\ / ∆′O)

ε(∆I\∆O,∆′I\∆′O)

ε(D∆I\D∆O, D∆′I\D∆′O)

ε(∆I\∆O,∆′I\∆′O)

ε(D∆I\∆O, D∆′I\∆′O)

ε(∆I\∆O,∆′I\∆′O)

ε(∆I\∆O,∆′I\∆′O)

Lemma 40

1. ε(∆\∆,∆′I\∆′O) implies ∆′I = ∆′O.

2. ε(∆I\∆O,∆′I\∆′O) and ∆I\∆M and ∆M w ∆O

implies there exists ∆′M such that

ε(∆I\∆M ,∆′I\∆′M) and ε(∆M\∆O,∆′M\∆′O).

Proof: By induction on the structure of the given ε derivation.

We can now show the completeness of strict derivations wrt to >-flags derivations.

Theorem 41

1. Γ; ∆I\∆O; ΩI\ΩO −→v τ

G and δ(∆′O) and ε(∆I\∆O,∆′I\∆′O) and Ξn(ΩI\ΩO,ΩO\Ω′O)

implies Γ; ∆′I\∆′O; Ω′I\Ω′On−→v τ

G

2. Γ; ∆I\∆O; (ΩLI\ΩLO; ΩRI\ΩRO) −→v (τL ; τR)

D P and δ(∆′O) and ε(∆I\∆O,∆′I\∆′O)

and Ξn(ΩLI\ΩLO,Ω′LI\Ω′LO) and Ξn(ΩRI\ΩRO,Ω′RI\Ω′RO)

implies Γ; ∆′I\∆′O; (Ω′LI\Ω′LO ; Ω′RI\Ω′RO)n−→

v (τL ; τR)D P

Proof: Structural induction on given strict derivation making use of lemmas 38

and 39. We give representative cases.

case:init

Γ; ∆\∆; (ΩL\ΩL ; ΩR\ΩR) −→F (· ; ·)

P P

Then

164

Ξn(ΩL\ΩL,Ω′LI\Ω′LO) and Ξn(ΩR\ΩR,Ω′RI\Ω′RO) assumptions

δ(∆′O) and ε(∆\∆,∆′I\∆′O) assumptions

∆′I = ∆′O Lemma 40

Ω′LI = Ω′LO and Ω′RI = Ω′RO Lemma 39.1

o(Ω′LI) and o(Ω′RI) defn. of Ξ

Γ; ∆′\∆′; (Ω′LI\Ω′LI ; Ω′RI\Ω′RI)n−→

F (· ; ·)P P init

case:Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO) −→

v (τL ; τR)D P


v τL0τRP

Then

Ξn(ΩLIDΩRI\ΩLOΩRO,Ω′I\Ω′O) assumptions

δ(∆′O) and ε(∆I\∆O,∆′I∆′O) assumptions

Ω′I = Ω′LIDmΩ′RI and Ω′O = Ω′LOΩ′RO and

Ξ(ΩLI\ΩLO,Ω′LI\Ω′LO) and Ξ(ΩRI\ΩRO,Ω′RI\Ω′RO) Lemma 39.3

Γ; ∆′I\∆′O; (Ω′LI\Ω′LO ; Ω′RI\Ω′RO)n−→

v (τL ; τR)D P ind. hyp.

Γ; ∆′I\∆′O; Ω′LIDmΩ′RI\Ω′LOΩ′RO

n−→v τL0τR

P choiceΩ

case:

Γ; ∆I\∆M ; (ΩLI\ΩLO ; ΩRI\ΩGIΩRO) −→v1 (τL ; 1τR)


G


(v1∨v2) (τL ; τ+1τR)GD P

( 6∈ ΩGI and (ΩRO = Ω or ·))

Then

Ξn(ΩLI\ΩLO,Ω′LI\Ω′LO) and Ξn(ΩRI\ΩGOΩRO,Ω′RI\Ω′R) assumptions

δ(∆′O) and ε(∆I\∆O,∆′I\∆′O) assumptions

There exists ∆′M such that

ε(∆I\∆M ,∆′I\∆′M) and ε(∆M\∆O,∆

′M\∆′I) Lemma 40

δ(∆′M/) defn. of δ.

Suppose ΩRO = ΩO for some ΩO (case for ΩRO = · is similar)

ΩRI = ΩGIDΩI where ΩGI w ΩGO and ΩI w ΩO ΩRI w ΩGOΩRO

165

Note that Ξn(ΩGIDΩI\ΩGOΩO,Ω′RI\Ω′R)

Ω′RI = Ω′GIDmΩ′I and Ω′R = Ω′GOΩ′O and

Ξn(ΩGI\ΩGO,Ω′GI\Ω′GO) and Ξn(ΩI\ΩO,Ω′I\Ω′O) Lemma 39.3

Θn(ΩGI ,Ω′GI) Lemma 39.2

Ξn(ΩGI\ΩGI ,n.Ω′GI\

n. Ω′GI) defn. of Ξ

Ξn(ΩGIDΩI\ΩGIΩO,n.Ω′GID

mΩ′I\n. Ω′GIΩ′O) Lemma 39.4

Γ; ∆′I / \∆′M/; (Ω′LI\Ω′LO ;n.Ω′GID

mΩ′I\n. Ω′GIΩ′O)

n−→v (τL ; τR)

D P

ind. hyp.

Ξ(n+1)(ΩGI\ΩGO ,Ω′GIn/ \Ω′GO

n/) Lemmas 39.5 and 39.6

Γ; ∆′M\∆′O; Ω′GIn/ \Ω′GO

n/

(n+1)−→v τ

G ind. hyp.

Γ; ∆′I\∆′O; (Ω′LI\Ω′LO ; Ω′GIDmΩ′I\Ω′GOΩ′O)

n−→v (τL ; τ+τR)

D P by rule L

11.5 Strictness Properties

We show that the system will never fail at the −R rule.

Lemma 42 (Linear Strictness)

1. Γ; ∆I\∆O; ΩI\ΩOn−→F τ

G implies δ(∆O).


F (τL ; τR)G P implies δ(∆O).

Proof: Induction on given derivation using Lemma 36.

Thus we may collapse the two −R rules into one rule:

Γ; ∆ID\∆OX; ΩI\ΩOn−→v τ

G

−RΓ; ∆I\∆O; ΩI\ΩO

n−→v τ

D −G

where X is either or D.

166

Additionally, the strict system will never fail at the R or R rules. To show

this, we introduce the following notation:

ρ(Ω) ≡ maxn | n/ ∈ Ω orn. ∈ Ω

µ(ΩI ,ΩO) ≡ ΩI w ΩO and ΩO ≤ ρ(ΩI) and ∀ΩIL,ΩIR, Dm,ΩOL,ΩOR.

(ΩILDmΩIR = ΩI and ΩOLΩOR = ΩO and ‖ΩIL‖ = ‖ΩOL‖)

implies ΩOL ≤ ρ(ΩIL) and ΩOR ≤ ρ(ΩIR)

Lemma 43 (Ordered Strictness)

1. Γ; ∆I\∆O; ΩI\ΩOn−→v τ

G implies µ(ΩI ,ΩO)


v (τL ; τR)D P implies

µ(ΩLI ,ΩLO) and µ(ΩRI ,ΩRO)

Proof: Structural induction on given derivation. We show a representative case.

case:

Γ; ∆I / \∆M/; ΩIn/ \ΩLΩ2

n/

(n+1)−→v1 τL

G1 Γ; ∆M\∆O; Ω2\ΩR(n+1)−→v2 τR

G2

•R0


(v1∨v2) (τL+τR)G1 •G2

( 6∈ Ω2 and (ΩL = Ω or ·) and τL 6= τ1)

Then

µ(ΩIn/,ΩLΩ2

n/) and µ(Ω2,ΩR) ind. hyp.

ΩI = ΩILΩ2 and ΩIL w ΩL ΩIn/ w ΩLΩ2

n/

ΩI w ΩLΩR

ρ(ΩI) ≥ ρ(ΩIL) and ρ(ΩI) ≥ ρ(Ω2) ΩI = ΩILΩ2

ΩL ≤ ρ(ΩIL) ≤ ρ(ΩI) ΩL = Ω or · and µ(ΩIn/,ΩLΩ2

n/)

ΩR ≤ ρ(Ω2) ≤ ρ(ΩI) µ(Ω2,ΩR)

ΩLΩR ≤ ρ(ΩI)

Let ΩLIDm∆RI = ∆I and ΩLOΩRO = ΩLΩR where ‖ΩLI‖ = ‖ΩLO‖

Dm ∈ ΩIL or Dm ∈ Ω2

In either case ΩxO ≤ ρ(ΩxI) ind. hyp.

167

We will call a sequent Γ; ∆I\∆O; ΩI\ΩOn−→v τ

G valid if ΩI ≤ n and ρ(ΩI) < n.

We will call a sequent Γ; ∆I\∆O; (ΩLI\ΩLO ; ΩRI\ΩRO)n−→

v (τL ; τR)D P valid

if ΩLIΩRI ≤ n and ρ(ΩLIΩRI) ≤ n. Note that the derivation rules preserve this

validity. It is a corollary of Lemma 43 that bottom-up, left-to-right derivations of

valid sequents will never fail at the R or R rules.

11.6 Implementation Issues

After choosing a formula D, computation of its residual formula, G′;D P \ G, is

parametric in P . Thus, we can compile program clauses once, abstracting over P ,

and then use them in their compiled form by giving them the P we are trying to

solve.

The strict system has the nice property that the ordered context checks in the init,.=R, 1R, and →L rules may be done in constant time. One need only check each end

of the ordered context to determine if Ω ≤ m. One can easily see that this is indeed

the case by noticing that the tags only increase from conclusion to premise(s) and

that no inference rules change the tags on any ordered hypotheses or frame pointers.

Then, since everything is added to the right or left side of the ordered context, the

highest tag in a context must occur at either end of the context.

The linear context checks, i.e., δ(∆), are possibly linear in the length of ∆. How-

ever, we can further optimize the linear context management as follows. Since we

know the strictness property holds, we may actually remove linear hypotheses from

the linear context once they are consumed. We may then change the definition of δ

as follows:

δ(·) δ(∆/)

We then change the choice∆, >R and −R rules as follow:

1;D P \ G Γ; ∆L∆R\∆O; ΩI\ΩOn−→v τ

G

choiceΩ

Γ; ∆LD∆R\∆O; ΩI\ΩOn−→v τ

P

/ 6∈ ∆′>R/

Γ; ∆ /∆′\∆; ΩI\ΩOn−→T 1>

>R·Γ; ·\·; ΩI\ΩO

n−→T 1>

168

Γ; ∆ID\∆O ; ΩI\ΩOn−→v τ

G

−RΓ; ∆I\∆O; ΩI\ΩO

n−→v τ

D −G

While failing much sooner than previous versions, the system is still not quite

equivalent to RM3. In the &R rule, no attempt is made to restrict the second premise

to only using formulas consumed by the first premise. Thus a strict derivation can fail

in the &R rule. We could of course adapt the scheme used in the frame system [33],

which is linear in the size of the linear context, to prevent failures due to linear

hypotheses. However the extension of this scheme to the ordered case is not very

satisfying– it seems to prohibit constant time ordered context strictness checks at the

proof leaves. Thus, it is not clear if “fixing” this is worth the trouble since it would

seem to require scanning through the ordered context at every terminal rule.

There is a prototype implementation of Olli using the strict derivation system, with

the just-mentioned modifications. It is written in the Teyjus [38] implementation of

λProlog and is available at:

http://www.cs.cmu.edu/~jpolakow.

169

170

Part III

Ordered Logical Framework

171

Chapter 12

Ordered Types

In this chapter we add proof terms to ordered linear logic. This essentially turns the

logic into a type system for an ordered lambda calculus following the Curry-Howard

isomorphism. Furthermore, as hinted at in Chapter 2, the local reductions and expan-

sions become β-reductions and η-expansions for the ordered lambda calculus terms.

After re-introducing the logic as a type theory, we will show that there is a canon-

ical fragment of the type theory, i.e., a fragment for which canonical (or long βη-

normal) forms exist, which corresponds to the uniform fragment of the logic exam-

ined in Chapter 6. The existence of canonical forms is critical in logical framework

applications of our calculus, since it is the canonical forms which are in bijective cor-

respondence with the objects to be represented. This property is inherited both from

the logical framework LF [23] and its linear refinement LLF [11].

In Chapter 13 we will show that we can add dependent types to the theory to

produce a LF style logical framework. We will then proceed to show that type-

checking remains decidable and that canonical forms still exist1. Finally, in Chapter 16

we will show how such an ordered logical framework can be used to analyze some

syntactic properties of the CPS transform.

1We will not show actual canonical forms, rather we will show that a slightly weaker notion exists

which is still suitable for logical framework representations– see Section 15.3.

173

12.1 Proof Terms

In this section we present the basic natural deduction system for ordered linear logic

(Chapter 2.10) annotated with proof terms. The proof terms will form an ordered

lambda calculus.

We start with the types we shall use:

Types A ::= a atomic types

| A1→A2 unrestricted implication

| A1 −A2 linear implication

| A1A2 ordered right implication

| A1A2 ordered left implication

| A1 &A2 additive conjunction

| > additive truth

| A1 •A2 multiplicative conjunction

| 1 multiplicative truth

| A1 ⊕ A2 additive disjunction

| 0 additive falsehood

| !A unrestricted modality

| ¡A linear modality

We do not consider the quantifiers here. Instead we will consider a generalization of

the universal quantifier (dependent types) in Chapter 13. We will not treat the exis-

tential quantifier at all, since it is not necessary for the applications of ordered lambda

terms considered in this thesis. Furthermore, we only include one multiplicative pair

type (•) since the other one () is trivially definable, A1 A2 ≡ A2 •A1.

174

We will use the following proof terms:

Terms M ::= x | y | z variables

| λx:A. M |M1M2 unrestricted functions (→)

| λy:A. M |M1ˆM2 linear functions (−)

| λ>z:A. M |M1

>M2 right ordered functions ()

| λ<z:A. M |M1

<M2 left ordered functions ()

| 〈M1 , M2〉 | fstM | sndM additive pairs (&)

| 〈〉 additive unit (>)

| [M1 , M2] | let [z , z′] = M in N multiplicative pairs (•)| ? | let? = M in N multiplicative unit (1)

| inlBM | inrAM

| caseM of inl z ⇒ N‖inr z′ ⇒ N ′ additive disjunction (⊕)

| abortAM additive falsehood (0)

| !M | let !x = M in N unrestricted modality (!)

| ¡M | let ¡y = M in N linear modality (¡)

We use the following judgement to type our terms:

Γ; ∆; Ω `M : A

where Γ, ∆, and Ω have the same form as in the natural deduction system in Chap-

ter 22.

We can now state all of the typing rules. These are the same rules given in

Chapter 2.10, annotated with proof terms. We also restate the local reductions and

expansions for each term as β-reductions and η-expansions.

Variable Rules.

uvarΓ1(x:A)Γ2; ·; · ` x : A

lvarΓ; y:A; · ` y : A

ovarΓ; ·; z:A ` z : A

2However, we now interpret the labels on hypotheses as variables.

175

Unrestricted Functions A→B.

Γ(x:A); ∆; Ω ` M : B→I

Γ; ∆; Ω ` λx:A. M : A→B

Γ; ∆; Ω `M : A→B Γ; ·; · ` N : A→E

Γ; ∆; Ω ` MN : B

We have the following reduction rule:

(λx:A. M)N =⇒β [N/x]M

We have the following expansion for terms M of type A→B:

M =⇒η λx:A. M x

where x is not free in M .

Linear Functions A−B.

Γ; ∆(y:A); Ω `M : B−I

Γ; ∆; Ω ` λy:A. M : A−B

Γ; ∆1; Ω `M : A−B Γ; ∆2; · ` N : A−E

Γ; ∆1 ./ ∆2; Ω `MˆN : B


(λy:A. M ) N =⇒β [N/y]M

We have the following expansion for terms M of type A−B:

M =⇒η λy:A. Mˆy

where y is not free in M .

176

Right Ordered Functions AB.

Γ; ∆; Ω(z:A) `M : BI

Γ; ∆; Ω ` λ>z:A. M : AB

Γ; ∆1; Ω1 `M : AB Γ; ∆2; Ω2 ` N : AE

Γ; ∆1 ./∆2; Ω1Ω2 ` M>

N : B


(λ>

z:A. M)>

N =⇒β [N/z]M

We have the following expansion for terms M of type AB:

M =⇒η λ>

z:A. M>

z

where z is not free in M .

Left Ordered Functions AB.

Γ; ∆; (z:A)Ω ` M : BI

Γ; ∆; Ω ` λ<z:A. M : AB

Γ; ∆2; Ω2 ` M : AB Γ; ∆1; Ω1 ` N : AE

Γ; ∆1 ./ ∆2; Ω1Ω2 `M<

N : B


(λ<

z:A. M)<

N =⇒β [N/z]M

We have the following expansion for terms M of type A B:

M =⇒η λ<

z:A. M<

z

where z is not free in M .

177

Multiplicative Conjunction A•B.

Γ; ∆1; Ω1 `M :A Γ; ∆2; Ω2 ` N :B•I

Γ; ∆1 ./ ∆2; Ω1Ω2 ` [M , N ] : A •B

Γ; ∆2; Ω2 `M : A •B Γ; ∆1; Ω1(z:A)(z′:B)Ω3 ` N : C•E

Γ; ∆1∆2; Ω1Ω2Ω3 ` let [z , z′] = M in N : C


let [z , z′] = [M , M ′] in N =⇒β N [M/z,M ′/z′]

We have the following expansion for terms M of type A •B:

M =⇒η let [z , z′] = M in [z , z′]

We will not bother with assigning a term to the other ordered conjunction, ,since it simply reverses z and z′ in the term displayed above.

Multiplicative Unit 1.

1IΓ; ·; · ` ? : 1

Γ; ∆2; Ω2 `M : 1 Γ; ∆1; Ω1Ω3 ` N : C1E

Γ; ∆1 ./ ∆2; Ω1Ω2Ω3 ` let? = M in N : C


let? = ? in N =⇒β N

We have the following expansion for terms M of type 1:

M =⇒η let? = M in ?

178

Additive Conjunction A&B.

Γ; ∆; Ω `M : A Γ; ∆; Ω ` N : B&I

Γ; ∆; Ω ` 〈M , N〉 : A&B

Γ; ∆; Ω `M : A&B&E1

Γ; ∆; Ω ` fstM : A

Γ; ∆; Ω `M : A&B&E2

Γ; ∆; Ω ` sndM : B

We have the following reduction rules:

fst 〈M , N〉 =⇒β M

snd 〈M , N〉 =⇒β N

We have the following expansion for terms M of type A&B:

M =⇒η 〈fstM , sndM〉

Additive Unit >.

>IΓ; ∆; Ω ` 〈〉 : >

Since there is no elimination rule, there are no reductions for the additive unit. How-

ever we do the following expansion for terms M of type >:

M =⇒η 〈〉

Additive Disjunction ⊕.

Γ; ∆; Ω `M : A⊕I1

Γ; ∆; Ω ` inlBM : A⊕BΓ; ∆; Ω `M : B

⊕I2

Γ; ∆; Ω ` inrAM : A⊕B

Γ; ∆2; Ω2 `M : A⊕B Γ; ∆1; Ω1(z:A)Ω3 ` N : C Γ; ∆1; Ω1(z′:B)Ω3 ` N ′ : C⊕E

Γ; ∆1 ./∆2; Ω1Ω2Ω3 ` caseM of inl z ⇒ N‖inr z′ ⇒ N ′ : C

We have the following reduction rules:

case inlBM of inl z ⇒ N‖inr z′ ⇒ N ′ =⇒β [M/z]N

case inrAM ′ of inl z ⇒ N‖inr z′ ⇒ N ′ =⇒β [M ′/z′]N ′

We have the following expansion for terms M of type A⊕B:

M =⇒η caseM of inl z ⇒ inl z‖inr z′ ⇒ inr z′

179

Additive Falsehood 0.

Γ; ∆2; Ω2 `M : 00E

Γ; ∆1 ./∆2; Ω1Ω2Ω3 ` abortCM : C

Since there is no introduction rule for 0, there are no new reductions. We do have

the following expansion for terms M of type 0:

M =⇒η abort0M

Unrestricted Modality !A.

Γ; ·; · `M : A!I

Γ; ·; · ` !M : !A

Γ; ∆2; Ω2 `M : !A Γ(x:A); ∆1; Ω1Ω3 ` N : C!E

Γ; ∆1 ./∆2; Ω1Ω2Ω3 ` let !x = M in N : C


let !x = !M in N =⇒β [M/x]N

We have the following expansion for terms M of type !A:

M =⇒η let !x = M in !x

Linear Modality ¡A.

Γ; ∆; · ` M : A¡I

Γ; ∆; · ` ¡M : ¡A

Γ; ∆2; Ω2 ` M : ¡A Γ; ∆1(y:A); Ω1Ω3 ` N : C¡E

Γ; ∆1 ./∆2; Ω1Ω2Ω3 ` let ¡y = M in N : C


let ¡y = ¡M in N =⇒β [M/y]N

We have the following expansion for terms M of type ¡A:

M =⇒η let ¡y = M in ¡y

In order to prove subject reduction we proceed to establish the expected structural

properties for contexts and substitution lemmas.

180

Lemma 44 (Structural Properties)

1. Γ1(x:A)(x′:A′)Γ2; ∆; Ω `M : B implies Γ1(x′:A′)(x:A)Γ2; ∆; Ω `M : B.

2. Γ1Γ2; ∆; Ω `M : B implies Γ1(x:A)Γ2; ∆; Ω `M : B.

3. Γ1(x:A)(x′:A)Γ2; ∆; Ω `M : B implies Γ1(x:A)Γ2; ∆; Ω ` [x/x′]M : B.

4. Γ; ∆1(y:A)(y′:A′)∆2; Ω `M :B implies Γ; ∆1(y′:A′)(y:A)∆2; Ω `M :B.

Proof: By induction on the structure of the given derivations.

Lemma 45 (Substitution Properties)

1. Γ1(x:A)Γ2; ∆; Ω `M : B and Γ1; ·; · ` N : A

implies Γ1Γ2; ∆; Ω ` [N/x]M : B.

2. Γ; ∆1(y:A)∆2; Ω `M : B and Γ; ∆′; · ` N : A

implies Γ; (∆1 ./∆′)∆2; Ω ` [N/y]M : B.

3. Γ; ∆; Ω1(z:A)Ω2 `M : B and Γ; ∆′; Ω′ ` N : A

implies Γ; ∆ ./∆′; Ω1Ω′Ω2 ` [N/z]M : B.

Proof: By induction over the structure of the given typing derivation for M in each

case, using Lemma 44.

Subject reduction now follows immediately.

Theorem 46 (Subject Reduction)

Γ; ∆; Ω ` M : A and M =⇒β M′ implies Γ; ∆; Ω ` M ′ : A.

Proof: For each reduction, we apply inversion to the given typing derivation and then

use the substitution lemma 45 to obtain the typing derivation for the conclusion.

Subject expansion also holds.

Theorem 47 (Subject Expansion)

Γ; ∆; Ω ` M : A and M =⇒η M′ implies Γ; ∆; Ω `M ′ : A.

181

Proof: By a direct derivation in each case3, using weakening (Lemma 44.(2)) for

unrestricted functions.

Finally, we state one further property of ordered typing derivations which is crucial

for our logical-relations applications in Chapter 16.

Theorem 48 (Demotion)

1. Γ; ∆1(y:A)∆2; Ω `M : B implies Γ(x:A); ∆1∆2; Ω ` [x/y]M : B.

2. Γ; ∆; Ω1(z:A)Ω2 ` M : B implies Γ; ∆(y:A); Ω1Ω2 ` [y/z]M : B.

Proof: In both cases by induction on the structure of the given derivation.

12.2 Canonical Forms

In this section, we show that canonical (or long βη-normal) forms exists for a fragment

of the ordered lambda calculus. This fragment consists of the types which correspond

to the uniform fragment of ordered linear logic. We give a proof by logical relations

which foreshadows some of the techniques we will use in Chapters 13, 14, and 15

to prove decidability of type-checking in an ordered logical framework4. We further

speculate that this proof could likely be adapted to a direct proof of normalization

for ordered linear logic (without using the sequent calculus).

For the remainder of this chapter, we only consider types, A, within the canonical

fragment:

Canonical Types A ::= a atomic types

| A1→A2 unrestricted implication

| A1 −A2 linear implication

| A1A2 ordered right implication

| A1 A2 ordered left implication

| A1 &A2 additive conjunction

| > additive truth

3In fact the expansions shown in Chapter 2.4The type system of this chapter extended with dependent types.

182

In order to show the existence of canonical forms, we will give a canonicalization

procedure, and then show that this procedure always succeeds on terms in the canon-

ical fragment of the calculus (i.e., terms whose types are in the uniform fragment

of ordered linear logic). In order to simplify our argument, and to show a more re-

alistic canonicalization procedure, we ignore linearity and ordering constraints when

transforming a term into canonical form. This omission is sound as long as we know

beforehand that the term being transformed is well-typed.

Our proof proceeds as follows. We first formalize the property that a term can

be converted to canonical form via a deductive system which can easily be related to

the usual notion of long βη-normal form. This deductive system can also be read as

an algorithm for converting a term to canonical form.

We then prove that any well-typed term (within the canonical fragment) can

indeed be converted to canonical form. Our proof will be an argument by Kripke

logical relations (also called Tait’s method) consisting of two parts: (1) If M is a

well-typed term of type A then M is in the logical relation represented by A, and (2)

if M is in the logical relation represented by A then there is some canonical term N

convertible to M . Our reduction strategy is based on weak head reduction defined

below.

β→(λx:A. M)N

whr−→ M [N/x]

Mwhr−→ M ′

whr→M N

whr−→ M ′N

β−(λy:A. M ) N

whr−→ M [N/y]

Mwhr−→ M ′

whr−MˆN

whr−→ M ′ˆN

β(λ<

z:A. M)<

Nwhr−→ M [N/z]

Mwhr−→ M ′

whrM

<

Nwhr−→ M ′

<

N

β(λ>

z:A. M)>

Nwhr−→ M [N/z]

Mwhr−→ M ′

whrM

>

Nwhr−→ M ′

>

N

183

β&1

fst 〈M , N〉 whr−→ M

Mwhr−→ M ′ whr&1

〈M , N〉 whr−→ 〈M ′ , N〉

β&2

snd 〈M , N〉 whr−→ N

Nwhr−→ N ′ whr&2

〈M , N〉 whr−→ 〈M , N ′〉

Intuitively, canonical terms are atomic terms of atomic type, or λ-abstractions

of canonical terms, or pairs of canonical terms. Atomic terms are variables, or fst

applied to atomic terms, or snd applied to atomic terms, or applications of atomic

terms to canonical terms. This is formalized in the judgments Ψ ` M ⇑ M ′ : A,

which denotes that M has canonical form M ′ at type A, and Ψ `M ↓M ′ : A, which

denotes that M has atomic form M ′ at type A. Ψ stands for a context composed

of unrestricted, linear and ordered variables. Note that these inference rules are

essentially the normal derivation rules of Chapter 3 without the linearity and ordering

constraints on hypotheses.

Variables

uvarΨ1(x:A)Ψ2 ` x ↓ x : A

lvarΨ1(y:A)Ψ2 ` y ↓ y : A

ovarΨ1(z:A)Ψ2 ` z ↓ z : A

Atomic Types.

Ψ ` M ↓M ′ : acoercion

Ψ `M ⇑ M ′ : a

Mwhr−→M ′ Ψ ` M ′ ⇑ M ′′ : a

reductionΨ `M ⇑M ′′ : a

184

Unrestricted Functions.

Ψ(x:A) ` M x ⇑M ′ : B→I

Ψ `M ⇑ λx:A. M ′ : A→B

Ψ ` M ↓M ′ : A→B Ψ ` N ⇑ N ′ : A→E

Ψ `M N ↓M ′N ′ : B

Linear Functions.

Ψ(y:A) `Mˆy ⇑M ′ : B−I

Ψ `M ⇑ λy:A. M ′ : A−B

Ψ `M ↓M ′ : A−B Ψ ` N ⇑ N ′ : A−E

Ψ `MˆN ↓M ′ˆN ′ : B

Right Ordered Functions.

Ψ(z:A) ` M >z ⇑M ′ : B

IΨ ` M ⇑ λ>z:A. M ′ : AB

Ψ ` M ↓M ′ : AB Ψ ` N ⇑ N ′ : AE

Ψ `M >

N ↓M ′ >N ′ : B

Left Ordered Functions.

Ψ(z:A) `M<z ⇑ M ′ : B

IΨ `M ⇑ λ<z:A. M ′ : AB

Ψ `M ↓M ′ : A B Ψ ` N ⇑ N ′ : AE

Ψ ` M<

N ↓M ′<N ′ : B

Additive Pairs.

Ψ ` fstM ⇑M ′1 : A Ψ ` sndM ⇑M ′2 : B&I

Ψ `M ⇑ 〈M ′1 , M ′2〉 : A&B

Ψ `M ↓M ′ : A&B&E1

Ψ ` fstM ↓ fstM ′ : A

Ψ `M ↓M ′ : A&B&E2

Ψ ` sndM ↓ sndM ′ : B

185

Additive Unit.

>IΨ `M ⇑ 〈〉 : >

We first state the following soundness lemma for the transformation process. Note

that since the transformation judgements ignore linearity and ordering constraints, it

is only meant to be applied to well-typed terms.

Lemma 49

Γ; ∆; Ω `M : A and Γ∆Ω ` M ⇑M ′ : A implies

Γ; ∆; Ω `M ′ : A and M ′ is in long βη-normal form.

Proof: By structural inductions on the given derivations.

We use the notation Ψ′ ≥ Ψ to denote that Ψ′ contains all declarations in Ψ and

possibly more. We then have the following weakening lemma.

Lemma 50

1. Ψ `M ⇑M ′ : A and Ψ′ ≥ Ψ implies Ψ′ ` M ⇑M ′ : A.

2. Ψ `M ↓M ′ : A and Ψ′ ≥ Ψ implies Ψ′ `M ↓M ′ : A.


The following unary Kripke logical relation is the crux of our argument. It is

defined by induction on the type A.

Ψ `M ∈ [[a]] iff Ψ `M ⇑ N : a for some N .

Ψ `M ∈ [[A1→A2]] iff for all N and Ψ′ ≥ Ψ,

Ψ′ ` N ∈ [[A1]] implies Ψ′ `M N ∈ [[A2]].

Ψ `M ∈ [[A1−A2]] iff for all N and Ψ′ ≥ Ψ,

Ψ′ ` N ∈ [[A1]] implies Ψ′ `MˆN ∈ [[A2]].

Ψ `M ∈ [[A1A2]] iff for all N and Ψ′ ≥ Ψ,

Ψ′ ` N ∈ [[A1]] implies Ψ′ `M >N ∈ [[A2]].

Ψ `M ∈ [[A1 A2]] iff for all N and Ψ′ ≥ Ψ,

186

Ψ′ ` N ∈ [[A1]] implies Ψ′ ` M<N ∈ [[A2]].

Ψ `M ∈ [[A1 &A2]] iff Ψ ` fstM ∈ [[A1]] and Ψ ` sndM ∈ [[A2]].

Ψ `M ∈ [[>]].

We can now formally state and prove the second part of our proof— that well-

typed terms in the logical relation at all types have canonical forms. We can prove

this only simultaneously with the reverse statement for terms with an atomic form.

Lemma 51 (Logical Relations and Canonical Forms)

1. Ψ `M ∈ [[A]] implies Ψ ` M ⇑ N : A for some N .

2. Ψ `M ↓ N : A implies Ψ `M ∈ [[A]].

Proof: By induction on A using structural properties of contexts. We show the case

for ordered right implication. All other cases are similar or simpler.

Case: A = A1A2. For each of the two properties (1) and (2) we need two appeals

to the induction hypothesis, one on part (1) and one on part (2). First we consider

property (1).

Ψ `M ∈ [[A1A2]] by assumption

Ψ(x:A1) ≥ Ψ defn. of ≥Ψ(z:A1) ` z ↓ z : A1 by rule ovar

Ψ(z:A1) ` z ∈ [[A1]] by ind. hyp. (2) on A1

Ψ(z:A1) `M>z ∈ [[A2]] by defn. of [[A1A2]]

Ψ(z:A1) `M>z ⇑ M2 : A2 by ind. hyp. (1) on A2

Ψ `M ⇑ λ>z:A1. M2 : A1A2 by rule I

Next we show property (2).

Ψ `M ↓M ′ : A1A2 by assumption

Ψ′ ≥ Ψ and Ψ′ ` N ∈ [[A1]] new assumptions

Ψ′ ` N ⇑ N ′ : A1 by ind. hyp. (1) on A1

Ψ′ `M ↓M ′ : A1A2 Lemma 50

Ψ′ `M >N ↓M ′ >N ′ : A2 by rule E

Ψ′ `M >N ∈ [[A2]] by ind. hyp. (2) on A2

Ψ `M ∈ [[A1A2]] by defn. of [[A1A2]]

187

To prove that every well-typed term is in the logical relation we need closure under

head expansion.

Lemma 52 (Closure Under Head Expansion)

Mwhr−→M ′ and Ψ `M ′ ∈ [[A]] implies Ψ `M ∈ [[A]].

Proof: By induction on A. We show two representative cases.

Case: A = a. Then

Ψ `M ′ ∈ [[a]] by assumption

Ψ `M ′ ⇑M ′′ : a by defn. of [[a]]

Mwhr−→M ′ by assumption

Ψ `M ⇑ M ′′ : a by rule reduction

Ψ `M ∈ [[a]] by defn. of [[a]]

Case: A = A1A2. Then

Ψ `M ′ ∈ [[A1A2]] by assumption

Ψ′ ≥ Ψ and Ψ ` N ∈ [[A1]] new assumptions

Ψ′ ` M ′ >N ∈ [[A2]] by defn. of [[A1A2]]

Mwhr−→M ′ by assumption

M>N

whr−→M ′>N by rule whr

Ψ′ ` M >N ∈ [[A2]] by ind. hyp. on A2

Ψ `M ∈ [[A1A2]] by defn. of [[A1A2]]

In order to show Γ; ∆; Ω ` M : A implies Γ∆Ω ` M ∈ [[A]], we need to explicitly

manipulate substitutions. We shall define a substitution in the usual way as a list of

variable assignments:

σ ::= · | σ,M/x | σ,M/y | σ,M/z

188

where there is at most one assignment for any variable. Substitutions compose in

the obvious way. We write idΨ for the identity substitution on the variables declared

in Ψ. We define logical relations on substitutions by induction on the structure of

contexts.Ψ′ ` σ ∈ [[·]] iff σ = ·

Ψ′ ` (σ,M/x) ∈ [[Ψ(x:A)]] iff

Ψ′ ` σ ∈ [[Ψ]] and Ψ′ `M ∈ [[A]]

Ψ′ ` (σ,M/y) ∈ [[Ψ(y:A)]] iff

Ψ′ ` σ ∈ [[Ψ]] and Ψ′ `M ∈ [[A]]

Ψ′ ` (σ,M/z) ∈ [[Ψ(z:A)]] iff

Ψ′ ` σ ∈ [[Ψ]] and Ψ′ `M ∈ [[A]]

Lemma 53 (Weakening for [[−]])

1. Ψ `M ∈ [[A]] and Ψ′ ≥ Ψ implies Ψ′ `M ∈ [[A]].

2. Ψ′ ` σ ∈ [[Ψ]] and Ψ′′ ≥ Ψ′ implies Ψ′′ ` σ ∈ [[Ψ]].

Proof: By induction on the structure of the given derivation.

Lemma 54 (Identity) Ψ ` idΨ ∈ [[Ψ]]

Proof: Immediate by definition and lemma 51.

Lemma 55 (Typing and Logical Relations)

Γ; ∆; Ω `M : A and Ψ′ ≥ Γ∆Ω and Ψ ` σ ∈ [[Ψ′]]

implies Ψ `M [σ] ∈ [[A]]

where M [σ] is the result of applying substitution σ to M .

Proof: By induction on the structure of the given typing derivationD using Lemma 52

and elementary inversion properties of the logical relations for substitutions. We show

three representative cases.

189

Case:

D = ovarΓ; ·; z:A ` z:A

This case follows directly from the assumption that the substitution is in the logical

relation.

Ψ′ ≥ Γ(z:A) and Ψ ` σ ∈ [[Ψ′]] assumptions

Ψ `M ′ ∈ [[A]] where M ′/z ∈ σ by inversion properties of [[−]]

Ψ ` z[σ] ∈ [[A]] by defn. of substitution

Case:

D =

D2

Γ; ∆; Ω(z:A1) `M2 : A2

IΓ; ∆; Ω ` λ>z:A1. M2 : A1A2

In this case the critical step uses closure under head expansion (Lemma 52).

Ψ′ ≥ Γ∆Ω and Ψ ` σ ∈ [[Ψ′]] assumptions

Ψ′′ ≥ Ψ and Ψ′′ ` N ∈ [[A1]] new assumptions

Ψ′′ ` σ ∈ [[Ψ′]] Lemma 53

Ψ′′ ` (σ,N/z) ∈ [[Ψ′(z:A1)]] by defn. of [[−]]

Ψ′′ `M2[σ,N/z] ∈ [[A2]] by ind. hyp. on D2

Ψ′′ ` (λ>z:A1. M2[σ, z/z])

>N ∈ [[A2]] by Lemma 52

Ψ ` λ>z:A1. M2[σ, z/z] ∈ [[A1A2]] by defn. of [[A1A2]]

Ψ ` (λ>z:A1. M2)[σ] ∈ [[A1A2]] by defn. of substitution

Case:

D =

D1

Γ; ∆1; Ω1 `M1 : A2A1

D2

Γ; ∆2; Ω2 `M2 : A2

EΓ; ∆1 ./ ∆2; Ω1Ω2 `M1

>

M2 : A1

In this case the result follows by elementary inversion properties for the logical relation

on substitutions.

190

Ψ′ ≥ Γ(∆1 ./ ∆2)Ω1Ω2 and Ψ ` σ ∈ [[Ψ′]] by assumption

Ψ `M1[σ] ∈ [[A2A1]] by ind. hyp. on D1

Ψ `M2[σ] ∈ [[A2]] by ind. hyp. on D2

Ψ ` (M1[σ])>(M2[σ]) ∈ [[A1]] by defn. of [[A2A1]]

Ψ ` (M1>M2)[σ] ∈ [[A1]] by defn. of substitution

Theorem 56 (Canonical Forms)

Γ; ∆; Ω `M : A implies for some N , Γ∆Ω `M ⇑ N : A.

Proof: Immediate from lemmas 55, 51, and 54.

Now that we know the ordered type system has a canonical fragment, it is nat-

ural to start thinking about basing a logical framework on the system. However,

most interesting logical framework applications require the ability to quantify over

terms. Towards this end, we shall extend the type system with dependent types in

Chapter 13, and then proceed to show, in Chapters 14 and 15 that type-checking

remains decidable and canonical forms still exist. The proof techniques we use, which

are essentially generalizations of the method employed in this chapter, follow the

development in [24] and [59] extended to the ordered case. We show an extended

application, concerning syntactic properties of the CPS transform, of the resulting

ordered logical framework in Chapter 16.

191

192

Chapter 13

Ordered Logical Framework

Logical frameworks are formal systems (meta-languages) suitable for encoding and

reasoning about deductive systems (object languages). For a general overview of

logical frameworks and some of their uses, see [46]. The Edinburgh logical framework

(LF), introduced in [23], is a particular logical framework based on dependent types;

it may be intuitively thought of as λP in the lambda cube [6]1.

LF representations typically follow the slogan judgements as types, with a new type

declared for each judgement to be represented; derivations then become LF terms.

Dependent types allow for a smooth encoding of higher-level properties of the object

system in the same manner. For example, we can encode Mini-ML, evaluation for

Mini-ML, and a proof of value soundness all with the judgements-as-types methodol-

ogy by using dependent types– see [47] for details. This technique essentially reduces

checking the validity of object-level deductions to meta-level type-checking.

In order for such encodings to really be useful, LF must satisfy two key properties.

Every LF term, of a type representing an object-level judgement, should correspond

to some object-level derivation of that judgement. In order to establish a bijection,

we require that LF have a notion of canonical forms to represent all LF terms for any

particular type. Furthermore, we should be able to decide whether a given object-

level deduction is valid. Thus, since type-checking a term corresponds to proving a

deduction valid, LF type-checking should be decidable.

An additional aspect of LF representations is the use of higher-order abstract

syntax, an idea going back to Church [12], which employs meta-level variables to

1This intuition is not exact since LF is actually a proper subset of λP as noted in [31].

193

represent object-level variables. With this technique, we can often avoid explicitly

encoding the machinery of object-level substitution; instead, we may rely upon the

underlying LF substitution mechanism. Thus, higher-order abstract syntax allows for

particularly elegant encodings of systems with variable bindings.

However, higher-order abstract syntax only works when the object-level variables

behave in the same manner as the meta-level variables. Thus one could not use

the technique to accurately represent linear functions, since LF variables are unre-

stricted. In order to allow the use of LF-style representation techniques on a wider

class of systems, Cervesato and Pfenning investigated the extension of LF with lin-

ear types [11]. The resulting linear logical framework (LLF), which conservatively

extends LF, permits LF-style representation of linear systems such as those involving

state. For technical reasons, only non-dependent linear types were considered and

additive conjunctions including the additive unit were added to the framework.

In this chapter, we add dependent types to the basic ordered type system of Chap-

ter 12 with the intention of forming an LF-style logical framework. Following LLF,

we only allow unrestricted dependencies– types can only depend upon unrestricted

variables. We will prove the decidability of type-checking for the system, in Chap-

ter 15, with a simple extension of the techniques of [24] and [59] to the ordered case.

This proof can be thought of as a generalization of the basic techniques used to prove

the existence of canonical forms in the non-dependent type-theory (Section 12.2).

The existence of canonical forms for the dependent system will be a by-product of a

type-checking algorithm.

Our development precisely follows that of [24] and [59]. The addition of ordered

types does not affect the development in any significant manner (except to add more

cases) since, for the purposes of the equality checking, ordered types are identical to

linear types. The details of all proofs in this and the subsequent two chapters, may

be found in [24] and [59].

13.1 Ordered Logical Framework

We introduce the type system which we will refer to as the ordered logical framework

(OLF). It is essentially the ordered type system of Chapter 12 augmented with depen-

dent types, i.e., types which may depend upon terms. In order to facilitate a clear

exposition, we will shift our nomenclature to objects, families, and kinds. Objects

194

correspond to terms, families correspond to types, while kinds are new constructs

which classify families (i.e., kinds are “types” for families). Here is the syntax for

OLF.

Syntax

Kinds K ::= type | Πx:A. K

Families A ::= a | AM |Πx:A1. A2 | A1 −A2 |A1A2 | A1 A2 |A1 &A2 | >

Objects M ::= c | x | y | z |λx:A. M |M1 M2 |λy:A. M |M1

ˆM2 |λ>z:A. M |M1

>M2 |

λ<z:A. M |M1

<M2 |

〈M1 , M2〉 | fstM | sndM | 〈〉

Signatures Σ ::= · | Σ(a:K) | Σ(c:A)

Unrestricted Contexts Γ ::= · | Γ(x:A)

Linear Contexts ∆ ::= · | ∆(y:A)

Ordered Contexts Ω ::= · | Ω(z:A)

We also use N for objects and B for families. We continue our convention of syntac-

tically distinguishing unrestricted, linear and ordered assumptions. Thus, like LLF,

only unrestricted assumptions may appear in families and kinds since Πs only bind

unrestricted variables, x.

We will employ the following judgements to define the OLF type theory.

Judgements

` Σ sig Σ is a valid signature

`Σ Γ uctx Γ is a valid unrestricted context

Γ `Σ ∆ lctx ∆ is a valid linear context

Γ `Σ Ω octx Ω is a valid ordered context

195

Γ `Σ K : kind K is a valid kind

Γ `Σ A : K A has kind K

Γ; ∆; Ω `Σ M : A M has type A

Γ `Σ K1 = K2 : kind K1 equals K2

Γ `Σ A1 = A2 : K A1 equals A2 at kind K

Γ; ∆; Ω `Σ M1 = M2 : A M1 equals M2 at type A

We assume Σ is a valid signature in the judgement `Σ Γ uctx. We assume Σ is a

valid signature and Γ is valid in Σ for judgements of the form Γ `Σ J .

13.2 Typing Rules

Signatures

` · sig` Σ sig · `Σ K : kind

` Σ(a:K) sig

` Σ sig · `Σ A : type

` Σ(c:A) sig

From this point on, we assume a valid signature, Σ, implicit in all judgements.

Contexts

` · uctx` Γ uctx Γ ` A : type

` Γ(x:A) uctx

Γ ` · lctxΓ ` ∆ lctx Γ ` A : type

Γ ` ∆(y:A) lctx

Γ ` · octxΓ ` Ω octx Γ ` A : type

Γ ` Ω(z:A) octx

From this point on, we presuppose the validity of all contexts in judgements, rather

than explicitly checking this property.

Kinds

Γ ` type : kind

Γ ` A : type Γ(x:A) ` K : kind

Γ ` Πx:A. K : kind

196

Families

a:K ∈ Σ

Γ ` a : K

Γ ` A : Πx:A′. K Γ; ·; · `M : A′

Γ ` AM : K[M/x]

Γ ` A1 : type Γ(x:A1) ` A2 : type

Γ ` Πx:A1. A2 : type

Γ ` A : K Γ ` K = K ′ : kind

Γ ` A : K ′

Objects

c:A ∈ Σ

Γ; ·; · ` c : A

x:A ∈ Γ

Γ; ·; · ` x : A Γ; y:A; · ` y : A Γ; ·; z:A ` z : A

Γ ` A′ : type Γ(x:A′); ∆; Ω `M : A

Γ; ∆; Ω ` λx:A′. M : Πx:A′. A

Γ; ∆; Ω `M : Πx:A′. A Γ; ·; · ` M ′ : A′

Γ; ∆; Ω `MM ′ : A[M ′/x]

Γ ` A′ : type Γ; ∆(y:A′); Ω ` M : A

Γ; ∆; Ω ` λy:A′. M : A′ −A

Γ; ∆; Ω `M : A′ −A Γ; ∆′; · `M ′ : A′

Γ; ∆ ./ ∆′; Ω `MˆM ′ : A

Γ ` A′ : type Γ; ∆; Ω(z:A′) `M : A

Γ; ∆; Ω ` λ>z:A′. M : A′A

Γ; ∆; Ω ` M : A′A Γ; ∆′; Ω′; · ` M ′ : A′

Γ; ∆ ./∆′; ΩΩ′ `M >

M ′ : A

Γ ` A′ : type Γ; ∆; (z:A′)Ω `M : A

Γ; ∆; Ω ` λ<z:A′. M : A′A

Γ; ∆; Ω ` M : A′A Γ; ∆′; Ω′; · `M ′ : A′

Γ; ∆ ./ ∆′; Ω′Ω `M<

M ′ : A

Γ; ∆; Ω ` 〈〉 : >Γ; ∆; Ω `M1 : A1 Γ; ∆; Ω `M2 : A2

Γ; ∆; Ω ` 〈M1 , M2〉 : A1 &A2

Γ; ∆; Ω ` M : A1 &A2

Γ; ∆; Ω ` fstM : A1

Γ; ∆; Ω `M : A1 &A2

Γ; ∆; Ω ` sndM : A2

Γ; ∆; Ω `M : A Γ ` A = A′ : type

Γ; ∆; Ω `M : A′

197

13.3 Definitional Equality

In this section we define the equality judgement used in the kind conversion rule for

families and the type conversion rule for objects; the last typing rules for families

and objects respectively. Following [24], this equality is based on a notion of parallel

conversion plus extensionality, rather than directly on βη-conversion. We do not

include explicit reflexivity rules since they are admissible (Lemma 58).

Simultaneous Congruence

c:A ∈ Σ

Γ; ·; · ` c = c : A

x:A ∈ Γ

Γ; ·; · ` x = x : A

Γ; y:A; · ` y = y : A Γ; ·; z:A ` z = z : A

Γ ` A′1 = A′ : type Γ ` A′2 = A′ : type Γ(x:A′); ∆; Ω ` M = N : A

Γ; ∆; Ω ` λx:A′1. M = λx:A′2. N : Πx:A′. A

Γ; ∆; Ω `M = N : Πx:A′. A Γ; ·; · `M ′ = N ′ : A′

Γ; ∆; Ω `MM ′ = N N ′ : A[M ′/x]

Γ ` A′1 = A′ : type Γ ` A′2 = A′ : type Γ; ∆(y:A′); Ω ` M = N : A

Γ; ∆; Ω ` λy:A′1. M = λy:A′2. N : A′ −A

Γ; ∆; Ω ` M = N : A′ −A Γ; ∆′; · `M ′ = N ′ : A′

Γ; ∆ ./ ∆′; Ω `MˆM ′ = NˆN ′ : A

Γ ` A′1 = A′ : type Γ ` A′2 = A′ : type Γ; ∆; Ω(z:A′) `M = N : A

Γ; ∆; Ω ` λ>z:A′1. M = λ>

z:A′2. N : A′A

Γ; ∆; Ω `M = N : A′A Γ; ∆′; Ω′ `M ′ = N ′ : A′

Γ; ∆ ./∆′; ΩΩ′ ` M >

M ′ = N>

N ′ : A

198

Γ ` A′1 = A′ : type Γ ` A′2 = A′ : type Γ; ∆; (z:A′)Ω ` M = N : A

Γ; ∆; Ω ` λ<z:A′1. M = λ<

z:A′2. N : A′A

Γ; ∆; Ω `M = N : A′ A Γ; ∆′; Ω′ `M ′ = N ′ : A′

Γ; ∆ ./∆′; Ω′Ω ` M<

M ′ = N<

N ′ : A

Γ; ∆; Ω ` M1 = N1 : A1 Γ; ∆; Ω `M2 = N2 : A2

Γ; ∆; Ω ` 〈M1 , M2〉 = 〈N1 , N2〉 : A1 &A2

Γ; ∆; Ω `M = N : A1 &A2

Γ; ∆; Ω ` fstM = fstN : A1

Γ; ∆; Ω `M = N : A1 &A2

Γ; ∆; Ω ` sndM = sndN : A2

Extensionality

Γ ` A′ : type

Γ; ∆; Ω `M : Πx:A′. A

Γ; ∆; Ω ` N : Πx:A′. A Γ(x:A′); ∆; Ω `M x = N x : A

Γ; ∆; Ω ` M = N : Πx:A′. A

Γ ` A′ : typeΓ; ∆; Ω `M : A′ −AΓ; ∆; Ω ` N : A′ −A Γ; ∆(y:A′); Ω ` Mˆy = Nˆy : A

Γ; ∆; Ω `M = N : A′ −A

Γ ` A′ : typeΓ; ∆; Ω ` M : A′A

Γ; ∆; Ω ` N : A′A Γ; ∆; Ω(z:A′) `M >z = N

>z : A

Γ; ∆; Ω `M = N : A′A

Γ ` A′ : typeΓ; ∆; Ω `M : A′A

Γ; ∆; Ω ` N : A′A Γ; ∆; (z:A′)Ω `M<z = N

<z : A

Γ; ∆; Ω `M = N : A′ A

199

Γ; ∆; Ω `M : A1 &A2

Γ; ∆; Ω ` N : A1 &A2 Γ; ∆; Ω ` fstM = fstN : A1 Γ; ∆; Ω ` sndM = sndN : A2

Γ; ∆; Ω `M = N : A1 &A2

Γ; ∆; Ω `M : > Γ; ∆; Ω ` N : >Γ; ∆; Ω `M = N : >

Parallel Conversion

Γ ` A′ : type Γ(x:A′); ∆; Ω ` M = N : A Γ; ·; · `M ′ = N ′ : A′

Γ; ∆; Ω ` (λx:A′. M)M ′ = N [N ′/x] : A[N ′/x]

Γ ` A′ : type Γ; ∆(y:A′); Ω `M = N : A Γ; ∆′; · `M ′ = N ′ : A′

Γ; ∆ ./ ∆′; Ω ` (λy:A′. M ) M ′ = N [N ′/y] : A

Γ ` A′ : type Γ; ∆; Ω(z:A′) `M = N : A Γ; ∆′; Ω′ `M ′ = N ′ : A′

Γ; ∆ ./∆′; ΩΩ′ ` (λ>

z:A′. M)>

M ′ = N [N ′/z] : A

Γ ` A′ : type Γ; ∆; (z:A′)Ω `M = N : A Γ; ∆′; Ω′ `M ′ = N ′ : A′

Γ; ∆ ./∆′; Ω′Ω ` (λ<

z:A′. M)<

M ′ = N [N ′/z] : A

Γ; ∆; Ω `M1 = N1 : A1 Γ; ∆; Ω `M2 = N2 : A2

Γ; ∆; Ω ` fst 〈M1 , M2〉 = N1 : A1

Γ; ∆; Ω `M1 = N1 : A1 Γ; ∆; Ω `M2 = N2 : A2

Γ; ∆; Ω ` snd 〈M1 , M2〉 = N2 : A2

Equivalence

Γ; ∆; Ω ` M = N : A

Γ; ∆; Ω ` N = M : A

Γ; ∆; Ω `M = M ′ : A Γ; ∆; Ω ` M ′ = N : A

Γ; ∆; Ω ` M = N : A

200

Type Conversion

Γ; ∆; Ω `M = N : A Γ ` A = A′ : type

Γ; ∆; Ω `M = N : A′

Family Congruence

a:K ∈ Σ

Γ ` a = a : K

Γ ` A1 = A2 : Πx:A′. K Γ; ·; · ` M1 = M2 : A′

Γ ` A1M1 = A2M2 : K[N1/x]

Γ ` A′1 : type Γ ` A′1 = A′2 : type Γ(x:A′1) ` A1 = A2 : type

Γ ` Πx:A′1. A1 = Πx:A′2. A2 : type

Γ ` A′1 = A′2 : type Γ ` A1 = A2 : type

Γ ` A′1 −A1 = A′2 −A2 : type

Γ ` A′1 = A′2 : type Γ ` A1 = A2 : type

Γ ` A′1A1 = A′2A2 : type

Γ ` A′1 = A′2 : type Γ ` A1 = A2 : type

Γ ` A′1A1 = A′2A2 : type

Γ ` A′1 = A′2 : type Γ ` A1 = A2 : type

Γ ` A′1 &A1 = A′2 &A2 : type

Γ ` > = > : type

Family Equivalence

Γ ` A1 = A2 : K

Γ ` A2 = A1 : K

Γ ` A1 = A′1 : K Γ ` A′1 = A2 : K

Γ ` A1 = A2 : K

201

Kind Conversion

Γ ` A1 = A2 : K Γ ` K = K ′ : kind

Γ ` A1 = A2 : K ′

Kind Congruence

Γ ` type = type : kind

Γ ` A1 : type Γ ` A1 = A2 : type Γ(x:A1) ` K1 = K2 : kind

Γ ` Πx:A1. K1 = Πx:A2. K2 : kind

Kind Equivalence

Γ ` K1 = K2 : kind

Γ ` K2 = K1 : kind

Γ ` K1 = K ′1 : kind Γ ` K ′1 = K2 : kind

Γ ` K1 = K2 : kind

13.4 Properties of Typing and Equality

We show some basic properties of definitional equality. We use J to stand for any

judgement of the type theory to avoid some repetitive statements. Substitution

is extended to J in the obvious way; for example if J is N : B, then J [M/x] is

N [M/x] : B[M/x].

Lemma 57 (Weakening)

1. ΓΓ′ ` J implies Γ(x:A)Γ′ ` J .

2. ΓΓ′; ∆; Ω ` J implies Γ(x:A)Γ′; ∆; Ω ` J .


Lemma 58 (Reflexivity)

1. Γ; ∆; Ω `M : A implies Γ; ∆; Ω `M = M : A.

2. Γ ` A : K implies Γ ` A = A : K.

202

3. Γ ` K : kind implies Γ ` K = K : kind.


Lemma 59 (Substitution Property)

Assume all contexts are valid.

1. Γ; ·; · `M : A and Γ(x:A)Γ′ ` J implies Γ(Γ′[M/x]) ` J [M/x].

2. Γ; ·; · `M : A and Γ(x:A)Γ′; ∆; Ω ` J implies

Γ(Γ′[M/x]); ∆[M/x]; Ω[M/x] ` J [M/x].

3. Γ; ∆′; · ` M : A and Γ; ∆1(y:A)∆2; Ω ` J implies

Γ; (∆1 ./∆′)∆2; Ω ` J [M/y].

4. Γ; ∆′; Ω′ ` M : A and Γ; ∆; Ω1(z:A)Ω2 ` J implies

Γ; ∆ ./ ∆′; Ω1Ω′Ω2 ` J [M/z].


Lemma 60 (Context Conversion)

Assume ` Γ(x:A) uctx and Γ ` A′ : type and Γ ` A = A′ : type.

1. Γ(x:A) ` J implies Γ(x:A′) ` J .

2. Γ(x:A); ∆; Ω ` J implies Γ(x:A′); ∆; Ω ` J .

Proof: By Lemmas 57 and 59.

A stronger version of the next lemma which includes equality judgements is re-

quired. However, that must be postponed until after Lemma 63. For now we state

the following weaker version which we use in the proof of Lemma 63.

Lemma 61 (Functionality for Typing)

Assume ` Γ(x:A)Γ′ uctx and Γ; ·; · ` M = M ′ : A and Γ; ·; · ` M : A and

Γ; ·; · `M ′ : A.

203

1. Γ(x:A)Γ′; ∆; Ω ` N : B implies

Γ(Γ′[M/x]); ∆[M/x]; Ω[M/x] ` N [M/x] = N [M ′/x] : B[M/x].

2. Γ(x:A)Γ′ ` B : K implies Γ(Γ′[M/x]) ` B[M/x] = B[M ′/x] : K[M/x].

3. Γ(x:A)Γ′ ` K : kind implies Γ(Γ′[M/x]) ` K[M/x] = K[M ′/x] : kind.


Again we postpone a stronger version of the next lemma until after Lemma 63.

Lemma 62 (Inversion on Simple Types and Kinds)

1. Γ ` Πx:A1. A2 : K implies Γ ` A1 : type and Γ(x:A1) ` A2 : type.

2. Γ ` A1 −A2 : K implies Γ ` A1 : type and Γ ` A2 : type.

3. Γ ` A1A2 : K implies Γ ` A1 : type and Γ ` A2 : type.

4. Γ ` A1A2 : K implies Γ ` A1 : type and Γ ` A2 : type.

5. Γ ` A1 &A2 : K implies Γ ` A1 : type and Γ ` A2 : type.

6. Γ ` Πx:A. K : kind implies Γ ` A : type and Γ(x:A) ` K : kind.

Proof: Parts 1 through 5 by induction on the structure of the given derivation. Part

6 is immediate.

Lemma 63 (Validity)

Assume ` Γ uctx and Γ ` ∆ lctx and Γ ` Ω octx.

1. Γ; ∆; Ω `M : A implies Γ ` A : type.

2. Γ; ∆; Ω `M = N : A implies

Γ ` A : type and Γ; ∆; Ω ` M : A and Γ; ∆; Ω ` N : A.

3. Γ ` A : K implies Γ ` K : kind.

4. Γ ` A = B : K implies Γ ` K : kind and Γ ` A : K and Γ ` B : K.

5. Γ ` K = K ′ : kind implies Γ ` K : kind and Γ ` K ′ : kind.

204

Proof: By induction on the structure of the given derivation making use of Lem-

mas 61 and 62.

Lemma 64 (Functionality for Equality)

Assume ` Γ(x:A) uctx and Γ(x:A) ` ∆ lctx and Γ(x:A) ` Ω octx and

Γ; ·; · `M = M ′ : A.

1. Γ(x:A); ∆; Ω ` N = N ′ : B implies

Γ; ∆[M/x]; Ω[M/x] ` N [M/x] = N ′[M ′/x] : B[M/x].

2. Γ(x:A) ` A = B : K implies Γ ` A[M/x] = B[M ′/x] : K[M/x].

3. Γ(x:A) ` K = K ′ : kind implies Γ ` K[M/x] = K ′[M ′/x] : kind.

Proof: By Lemmas 63, 59 and 61.

Lemma 65 (Typing Inversion)


1. Γ; ∆; Ω ` c:A implies ∆ = · = Ω and c:B ∈ Σ and Γ ` A = B : type.

2. Γ; ∆; Ω ` x : A implies ∆ = · = Ω and x:B ∈ Γ and Γ ` A = B : type.

3. Γ; ∆; Ω ` y : A implies ∆ = y:B and Ω = · and Γ ` A = B : type.

4. Γ; ∆; Ω ` z : A implies ∆ = · and Ω = y:B and Γ ` A = B : type.

5. Γ; ∆; Ω `M1 M2 : A implies

Γ; ∆; Ω `M1 : Πx:A2. A1 and Γ; ·; · `M2 : A2 and

Γ ` A1[M2/x] = A : type.

6. Γ; ∆; Ω ` λx:A. M : B implies

Γ ` B = Πx:A. A′ : type and Γ ` A : type and Γ(x:A); ∆; Ω `M : A′.

7. Γ; ∆; Ω `M1ˆM2 : A implies

∆ = ∆1 ./∆2 and Γ ` A1 = A : type and

Γ; ∆1; Ω `M1 : A2 −A1 and Γ; ∆2; · ` M2 : A2.

8. Γ; ∆; Ω ` λy:A. M : B implies

Γ ` B = A−A′ : type and Γ ` A : type and Γ; ∆(y:A); Ω `M : A′.

205

9. Γ; ∆; Ω `M1>M2 : A implies

∆ = ∆1 ./∆2 and Ω = Ω1Ω2 and Γ ` A1 = A : type and

Γ; ∆1; Ω1 ` M1 : A2A1 and Γ; ∆2; Ω2 ` M2 : A2.

10. Γ; ∆; Ω ` λ>z:A. M : B implies

Γ ` B = AA′ : type and Γ ` A : type and Γ; ∆; Ω(z:A) `M : A′.

11. Γ; ∆; Ω `M1<M2 : A implies

∆ = ∆1 ./∆2 and Ω = Ω2Ω1 and Γ ` A1 = A : type and

Γ; ∆1; Ω1 ` M1 : A2 A1 and Γ; ∆2; Ω2 `M2 : A2.

12. Γ; ∆; Ω ` λ<z:A. M : B implies

Γ ` B = A A′ : type and Γ ` A : type and Γ; ∆; (z:A)Ω `M : A′.

13. Γ; ∆; Ω ` fstM : A implies Γ; ∆; Ω ` M : A1 &A2 and Γ ` A = A1 : type.

14. Γ; ∆; Ω ` sndM : A implies Γ; ∆; Ω `M : A1 &A2 and Γ ` A = A2 : type.

15. Γ; ∆; Ω ` 〈M1 , M2〉 : A implies

Γ ` A = A1 &A2 : type and Γ; ∆; Ω `M1 : A1 and Γ; ∆; Ω `M2 : A2.

16. Γ ` a : K implies a:K ′ ∈ Σ and Γ ` K = K ′ : kind.

17. Γ ` AM : K implies

Γ ` A : Πx:A1. K′ and Γ; ·; · `M : A1 and Γ ` K = K ′[M/x] : kind.

18. Γ ` Πx:A. B : K implies

Γ ` K = type : kind and Γ ` A : type and Γ(x:A) ` B : type.

19. Γ ` A−B : K implies

Γ ` K = type : kind and Γ ` A : type and Γ ` B : type.

20. Γ ` AB : K implies


21. Γ ` A B : K implies


22. Γ ` A&B : K implies


23. Γ ` > : K implies Γ ` K = type : kind.

206

24. Γ ` Πx:A. K : kind implies Γ ` A : type and Γ(x:A) ` K : kind.

Proof: By induction on structure of given derivation using Lemma 63.

Lemma 66 (Equality Inversion)

Assume ` Γ uctx.

1. Γ ` K = type : kind or Γ ` type = K : kind

implies K = type.

2. Γ ` K = Πx:A1. K1 : kind or Γ ` Πx:A1. K1 = K : kind

implies K = Πx:A2. K2 and Γ ` A1 = A2 : type and

Γ(x:A1) ` K1 = K2 : kind.

3. Γ ` A = Πx:B1. B2 : type or Γ ` Πx:B1. B2 = A : type

implies A = Πx:A1. A2 and Γ ` A1 = B1 : type and

Γ(x:A1) ` A2 = B2 : type.

4. Γ ` A = B1 −B2 : type or Γ ` B1 −B2 = A : type

implies A = A1 −A2 and Γ ` A1 = B1 : type and Γ ` A2 = B2 : type.

5. Γ ` A = B1B2 : type or Γ ` B1B2 = A : type

implies A = A1A2 and Γ ` A1 = B1 : type and Γ ` A2 = B2 : type.

6. Γ ` A = B1B2 : type or Γ ` B1 B2 = A : type

implies A = A1A2 and Γ ` A1 = B1 : type and Γ ` A2 = B2 : type.

7. Γ ` A = B1 &B2 : type or Γ ` B1 &B2 = A : type

implies A = A1 &A2 and Γ ` A1 = B1 : type and Γ ` A2 = B2 : type.

Proof: By induction on structure of given derivation using Lemma 60.

Lemma 67 (Injectivity)

1. Γ ` Πx:A. K = Πx:A′. K ′ : kind implies

Γ ` A = A′ : type and Γ(x:A) ` K = K ′ : kind.

2. Γ ` Πx:A1. A2 = Πx:B1. B2 : type implies

Γ ` A1 = B1 : type and Γ(x:A1) ` A2 = B2 : type.

207

3. Γ ` A1 −A2 = B1 −B2 : type implies

Γ ` A1 = B1 : type and Γ ` A2 = B2 : type.

4. Γ ` A1A2 = B1B2 : type implies


5. Γ ` A1A2 = B1B2 : type implies


6. Γ ` A1 &A2 = B1 &B2 : type implies


Proof: Immediate from Lemma 66.

At this point, we have stated all the properties we shall need to carry out our

proof. The next chapter introduces a different notion for equality which is obviously

decidable. We shall show that the two equalities coincide and thus prove decidablity

of type-checking in general for OLF.

208

Chapter 14

Algorithmic Equality

In this chapter we present an equality algorithm which is sound and complete with

respect to definitional equality of Section 13.3. We further show the decidability of

this equality procedure in Chapter 15. The algorithm is identical to that given in [59]

with a trivial extension to cover ordered types (which are treated identically to linear

types). As explained in [24] the algorithm consists of two stages. To compare two

objects at some arbitrary type, we first reduce the comparison to objects of base type

by applying extensionality rules. Then, to compare objects at base type, we reduce

each object to weak head normal form and compare heads. If the heads are equal we

continue on to compare the corresponding arguments.

The algorithm is type-directed and thus requires types to be carried along. How-

ever, this complicates the treatment of dependent types. The solution proposed in [24]

avoids such complications by using a simplified type structure which only contains

information about the shape of the object (e.g., it is a function, it is a pair); which is

really all that is necessary to parametrically apply extensionality rules and transform

a comparison at arbitrary type to one at base type. In practice this simply means

changing Π families into (non-dependent) → types and erasing the object (family)

dependencies from Π families (kinds).

The context splittings required by the definitional equality judgements further

complicate the correctness of the algorithm. However, as noted in [59], the linearity

constraints upon objects may be ignored for the purposes of equality checking (assum-

ing we know beforehand that the objects being compared are well-typed). The same

holds for the ordering constraints upon objects. Therefore our simplified type struc-

209

ture will treat all assumptions as unrestricted. However, in order to not complicate

substitution, we maintain the syntactical distinctions among variable names.

Here is the formal specification of the simplified type system:

Simple Kinds κ ::= type− | τ → κ

Simple Types τ ::= α |τ1→ τ2 | τ1 − τ2 |τ1 τ2 | τ1 τ2 |τ1 & τ2 | >

Simple Contexts Ψ ::= · | Ψ(x:τ ) | Ψ(y:τ ) | Ψ(z:τ )

Note that the simplified types are exactly the canonical types in Chapter 12.

We sometimes use Θ for simple contexts. Note that simplified contexts may con-

tain variables of all three syntactic forms– however, as we shall see, simplified contexts

treat all variables as unrestricted. We assume a simple base type a− for each constant

family a.

We now state an erasure function which simplifies OLF constructs.

(kind)− = kind−

(Πx:A. K)− = A−→K−

(type)− = type−

(a)− = a−

(AM)− = A−

(Πx:A1. A2)− = A−1 →A−2(A1 −A2)− = A−1 −A−2(A1A2)− = A−1 A−2(A1A2)− = A−1 A−2(A1 &A2)− = A−1 &A−2

(>)− = >(·)− = ·

(Γ(x:A))− = Γ−(x:A−)

(∆(y:A))− = ∆−(y:A−)

(Ω(z:A))− = Ω−(z:A−)

Erasure remains invariant under equality and substitution.

Lemma 68 (Erasure Preservation)

210

1. Γ ` A1 = A2 : K implies A−1 = A−2 .

2. Γ ` K1 = K2 : kind implies K−1 = K−2 .

3. Γ(x:A) ` B : K implies B− = B−[M/x].

4. Γ(x:A) ` K : kind implies K− = K−[M/x].


Here are the judgements for the equality algorithm:

Mwhr−→M ′ M weak head reduces to M’

Ψ `M ←→ N : τ M is structurally equal to N .

Ψ `M ⇐⇒ N : τ M equals N at simple type τ .

Ψ ` A1 ←→ A2 : κ A1 is structurally equal to A2.

Ψ ` A1 ⇐⇒ A2 : κ A1 equals A2 at simple kind κ.

Ψ ` K1 ⇐⇒ K2 : kind− Kind K1 equals kind K2.

For weak head reduction, Mwhr−→ M ′ we assume M is given and compute M ′ or

fail. For structural equality, Ψ `M ←→ N : τ we assume Ψ, M , and N are given and

compute τ or fail. Algorithmic equality, Ψ `M ⇐⇒ N : τ , simply checks for equality

and succeeds or fails. The same interpretations hold for the analogous judgements on

families and kinds.

Weak Head Reduction

(λx:A. M)Nwhr−→M [N/x]

Mwhr−→M ′

M Nwhr−→M ′N

(λy:A. M ) Nwhr−→M [N/y]

Mwhr−→M ′

MˆNwhr−→M ′ˆN

211

(λ<

z:A. M)<

Nwhr−→M [N/z]

Mwhr−→M ′

M<

Nwhr−→M ′

<

N

(λ>

z:A. M)>

Nwhr−→M [N/z]

Mwhr−→M ′

M>

Nwhr−→M ′

>

N

fst 〈M , N〉 whr−→M

Mwhr−→M ′

〈M , N〉 whr−→ 〈M ′ , N〉

snd 〈M , N〉 whr−→ N

Nwhr−→ N ′

〈M , N〉 whr−→ 〈M , N ′〉

Structural Object Equality We use u to stand for any syntactic variable class,

i.e., x or y or z.u:τ ∈ Ψ

Ψ ` u←→ u : τ

c:τ ∈ Σ

Ψ ` c←→ c : A−

Ψ `M1 ←→ N1 : τ2→ τ1 Ψ `M2 ⇐⇒ N2 : τ2

Ψ `M1 M2 ←→ N1N2 : τ1

Ψ `M1 ←→ N1 : τ2 − τ1 Ψ `M2 ⇐⇒ N2 : τ2

Ψ ` M1ˆM2 ←→ N1

ˆN2 : τ1

Ψ `M1 ←→ N1 : τ2 τ1 Ψ `M2 ⇐⇒ N2 : τ2

Ψ `M1>

M2 ←→ N1>

N2 : τ1

Ψ `M1 ←→ N1 : τ2 τ1 Ψ `M2 ⇐⇒ N2 : τ2

Ψ `M1<

M2 ←→ N1<

N2 : τ1

Ψ ` M ←→M ′ : τ1 & τ2

Ψ ` fstM ←→ fstM ′ : τ1

Ψ `M ←→M ′ : τ1 & τ2

Ψ ` sndM ←→ sndM ′ : τ2

212

Type-Directed Object Equality

Mwhr−→M ′ Ψ `M ′ ⇐⇒ N : α

Ψ ` M ⇐⇒ N : α

Nwhr−→ N ′ Ψ ` M ⇐⇒ N ′ : α

Ψ ` M ⇐⇒ N : α

Ψ `M ←→ N : α

Ψ `M ⇐⇒ N : α

Ψ(x:τ1) `M x⇐⇒ N x : τ2

Ψ ` M ⇐⇒ N : τ1→ τ2

Ψ(y:τ1) `Mˆy ⇐⇒ Nˆy : τ2

Ψ ` M ⇐⇒ N : τ1 − τ2

Ψ(z:τ1) `M >z ⇐⇒ N

>z : τ2

Ψ `M ⇐⇒ N : τ1 τ2

Ψ(z:τ1) `M<z ⇐⇒ N

<z : τ2

Ψ ` M ⇐⇒ N : τ1 τ2

Ψ `M ⇐⇒ N : >Ψ ` fstM ⇐⇒ fstN : τ1 Ψ ` sndM ⇐⇒ sndN : τ2

Ψ `M ⇐⇒ N : τ1 & τ2

Structural Family Equality

a:K ∈ Σ

Ψ ` a←→ a : K−Ψ ` A←→ B : τ → κ Ψ `M ⇐⇒ N : τ

Ψ ` AM ←→ BN : κ

Kind-Directed Family Equality

Ψ ` A←→ B : type−

Ψ ` A⇐⇒ B : type−

Ψ(x:τ ) ` Ax⇐⇒ B x : κ

Ψ ` A⇐⇒ B : τ → κ

Ψ ` A1 ⇐⇒ B1 : type− Ψ(x:A−1 ) ` A2 ⇐⇒ B2 : type−

Ψ ` Πx:A1. A2 ⇐⇒ Πx:B1. B2 : type−

Ψ ` A1 ⇐⇒ B1 : type− Ψ ` A2 ⇐⇒ B2 : type−

Ψ ` A1 −A2 ⇐⇒ B1 −B2 : type−

Ψ ` A1 ⇐⇒ B1 : type− Ψ ` A2 ⇐⇒ B2 : type−

Ψ ` A1A2 ⇐⇒ B1B2 : type−

213

Ψ ` A1 ⇐⇒ B1 : type− Ψ ` A2 ⇐⇒ B2 : type−

Ψ ` A1A2 ⇐⇒ B1 B2 : type−

Ψ ` > ⇐⇒ > : type−

Ψ ` A1 ⇐⇒ B1 : type− Ψ ` A2 ⇐⇒ B2 : type−

Ψ ` A1 &A2 ⇐⇒ B1 &B2 : type−

Algorithmic Kind Equality

Ψ ` type− ⇐⇒ type− : kind−

Ψ ` A⇐⇒ B : type− Ψ(x:A−) ` K ⇐⇒ K ′ : kind−

Ψ ` Πx:A. K ⇐⇒ Πx:B. K ′ : kind−

We now state some basic properties of our equality derivations.

Lemma 69 (Weakening for Algorithmic Equality)

For each algorithmic equality judgement J ,

ΨΨ′ ` J implies Ψ(x:τ )Ψ′ ` J .


Lemma 70 (Determinacy of Algorithmic Equality)

1. Mwhr−→M ′ and M

whr−→M ′′ implies M ′ = M ′′.

2. Ψ `M ←→ N : τ implies there is no M ′ s.t. Mwhr−→M ′.

3. Ψ `M ←→ N : τ implies there is no N ′ s.t. Nwhr−→ N ′.

4. Ψ `M ←→ N : τ and Ψ ` M ←→ N : τ ′ implies τ = τ ′.

5. Ψ ` A←→ B : κ and Ψ ` A←→ B : κ′ implies κ = κ′.

Proof: By structural induction on the given derivation. Parts 2 and 3 may be proved

by contradiction using inversion on the structural equality inference rules.

214

Lemma 71 (Symmetry of Algorithmic Equality)

1. Ψ `M ⇐⇒ N : τ implies Ψ ` N ⇐⇒M : τ .

2. Ψ `M ←→ N : τ implies Ψ ` N ←→M : τ .

3. Ψ ` A⇐⇒ B : κ implies Ψ ` B ⇐⇒ A : κ.

4. Ψ ` A←→ B : κ implies Ψ ` B ←→ A : κ.

5. Ψ ` K ⇐⇒ K ′ : kind− implies Ψ ` K ′ ⇐⇒ K : kind−.

Proof: By structural induction on the given derivations.

Lemma 72 (Transitivity of Algorithmic Equality)

1. Ψ `M ⇐⇒M ′ : τ and Ψ `M ′ ⇐⇒ N : τ implies Ψ `M ⇐⇒ N : τ .

2. Ψ `M ←→M ′ : τ and Ψ `M ′ ←→ N : τ implies Ψ `M ←→ N : τ .

3. Ψ ` A⇐⇒ A′ : κ and Ψ ` A′ ⇐⇒ B : κ implies Ψ ` A⇐⇒ B : κ.

4. Ψ ` A←→ A′ : κ and Ψ ` A′ ←→ B : κ implies Ψ ` A←→ B : κ.

5. Ψ ` K ⇐⇒ K ′ : kind− and Ψ ` K ′ ⇐⇒ K ′′ : kind− implies

Ψ ` K ⇐⇒ K ′′ : kind−.

Proof: By structural induction on the given derivations using Lemma 70.

14.1 Completeness of Algorithmic Equality

In this section we show that algorithmic equality is complete with respect to defini-

tional equality. The formal theorem we will show is:

Γ; ∆; Ω `M = N : A implies Γ−∆−Ω− `M ⇐⇒ N : A−

This is proved via logical relations defined on the simplified type of an object. Thus

we will show:

1. Γ; ∆; Ω `M = N : A implies Γ−∆−Ω− `M = N ∈ [[A−]]

215

2. Ψ `M = N ∈ [[A−]] implies Ψ `M ⇐⇒ N : A−

We use σ (and sometimes θ) to stand for substitutions.

Substitutions σ ::= · | σ,M/x | σ,M/y | σ,M/z

We assume as usual that no variable occurs more than once in a substitution. We

further assume tacit variable renaming takes place when necessary to maintain this

constraint. We denote the application of a substitution, σ, to a term, M , with σ(M).

We also assume parameterized identity substitutions, idx, on any context x.

We use the notation Ψ′ ≥ Ψ to denote that Ψ′ contains all declarations in Ψ and

possibly more.

We define a Kripke logical relation inductively on simple types. As usual, we

require that the property we wish to prove holds at base type. At higher types the

property is inductively maintained.

A Kripke Logical Relation

1. Ψ `M = N ∈ [[α]] iff Ψ `M ⇐⇒ N : α.

2. Ψ `M = N ∈ [[τ ′→ τ ]] iff ∀Ψ′,M ′, N ′.Ψ′ ≥ Ψ and Ψ′ `M ′ ⇐⇒ N ′ ∈ [[τ ′]] implies Ψ′ ` MM ′ ⇐⇒ N N ′ ∈ [[τ ]].

3. Ψ `M = N ∈ [[τ ′− τ ]] iff ∀Ψ′,M ′, N ′.Ψ′ ≥ Ψ and Ψ′ ` M ′ ⇐⇒ N ′ ∈ [[τ ′]] implies Ψ′ ` M M ′ ⇐⇒ N N ′ ∈ [[τ ]].

4. Ψ `M = N ∈ [[τ ′ τ ]] iff ∀Ψ′,M ′, N ′.Ψ′ ≥ Ψ and Ψ′ `M ′ ⇐⇒ N ′ ∈ [[τ ′]] implies Ψ′ `M>

M ′ ⇐⇒ N>N ′ ∈ [[τ ]].

5. Ψ `M = N ∈ [[τ ′ τ ]] iff ∀Ψ′,M ′, N ′.Ψ′ ≥ Ψ and Ψ′ `M ′ ⇐⇒ N ′ ∈ [[τ ′]] implies Ψ′ `M<

M ′ ⇐⇒ N<N ′ ∈ [[τ ]].

6. Ψ `M = N ∈ [[τ1 & τ2]] iff

Ψ ` fstM = fstN ∈ [[τ1]] and Ψ ` sndM = sndN ∈ [[τ2]].

7. Ψ `M = N ∈ [[>]].

8. Ψ ` A = B ∈ [[type−]] iff Ψ ` A⇐⇒ B : type−.

216

9. Ψ ` A = B ∈ [[τ→ κ]] iff ∀Ψ′,M,N.

Ψ′ ≥ Ψ and Ψ′ `M ⇐⇒ N ∈ [[τ ]] implies Ψ′ ` AM ⇐⇒ BN ∈ [[κ]].

10. Ψ ` σ = θ ∈ [[·]] iff σ = · = θ.

11. Ψ ` σ = θ ∈ [[Θ, u:τ ]] iff

σ = (σ′,M/u) and θ = (θ′, N/u) and

Ψ `M = N ∈ [[τ ]] and Ψ ` σ′ = θ′ ∈ [[Θ]].

Lemma 73 (Weakening for Logical Relations)

For each logical relation R, ΨΨ′ ` R implies Ψ(x:τ )Ψ′ ` R.

Proof: By induction on the type or kind.

We may now show the second part of our proof.

Theorem 74 (Logically Related Terms are Algorithmically Equal)

1. Ψ `M = N ∈ [[τ ]] implies Ψ ` M ⇐⇒ N : τ .

2. Ψ ` A = B ∈ [[κ]] implies Ψ ` A⇐⇒ B : κ.

3. Ψ `M ←→ N : τ implies Ψ `M = N ∈ [[τ ]].

4. Ψ ` A←→ B : κ implies Ψ ` A = B ∈ [[κ]].

Proof: By induction on the structure of τ or κ.

The first part of our proof requires a few extra lemmas.

Lemma 75 (Closure Under Head Expansion)

1. Mwhr−→M ′ and Ψ `M ′ = N ∈ [[τ ]] implies Ψ `M = N ∈ [[τ ]].

2. Nwhr−→ N ′ and Ψ `M = N ′ ∈ [[τ ]] implies Ψ `M = N ∈ [[τ ]].

Proof: By induction on the structure of τ .

Lemma 76 (Symmetry of Logical Relation)

217

1. Ψ `M = N ∈ [[τ ]] implies Ψ ` N = M ∈ [[τ ]].

2. Ψ ` A = B ∈ [[κ]] implies Ψ ` B = A ∈ [[κ]].

3. Ψ ` σ = θ ∈ [[Θ]] implies Ψ ` θ = σ ∈ [[Θ]].

Proof: By induction on the structure of τ , κ, and Θ using Lemma 71.

Lemma 77 (Transitivity of Logical Relation)

1. Ψ `M = M ′ ∈ [[τ ]] and Ψ `M ′ = N ∈ [[τ ]] implies Ψ `M = N ∈ [[τ ]].

2. Ψ ` A = A′ ∈ [[κ]] and Ψ ` A′ = B ∈ [[κ]] implies Ψ ` A = B ∈ [[κ]].

3. Ψ ` σ = σ′ ∈ [[Θ]] and Ψ ` σ′ = θ ∈ [[Θ]] implies Ψ ` σ = θ ∈ [[Θ]].

Proof: By induction on the structure of τ , κ, and Θ using Lemmas 72.

We may now prove a generalization of the first part of our proof.

Lemma 78

(Definitionally Equal Terms are Logically Related Under Substitutions)

1. Γ; ∆; Ω `M = N : A and Ψ ` σ = θ ∈ [[Ψ′]] and Ψ′ ≥ Γ−∆−Ω− implies

Ψ ` σ(M) = θ(N) ∈ [[A−]].

2. Γ ` A = B : K and Ψ ` σ = θ ∈ [[Ψ′]] and Ψ′ ≥ Γ− implies

Ψ ` σ(A) = θ(B) ∈ [[K−]].

Proof: By induction on the given derivation of definitional equality using the prior

results in this section.

It is now easy to finish off the proof of completeness of algorithmic equality.

Lemma 79 (Identity Substitutions are Logically Related)

Ψ ` idΨ = idΨ ∈ [[Ψ]].

Proof: By definition of [[Ψ]] and Theorem 74

218

Theorem 80 (Definitionally Equal Terms are Logically Related)

1. Γ; ∆; Ω `M = N : A implies Γ−∆−Ω− `M = N ∈ [[A−]].

2. Γ ` A = B : K implies Γ− ` A = B ∈ [[K−]].

Proof: By Lemmas 78 and 79.

Theorem 81 (Completeness of Algorithmic Equality)

1. Γ; ∆; Ω `M = N : A implies Γ−∆−Ω− `M ⇐⇒ N : A−.

2. Γ ` A = B : K implies Γ− ` A⇐⇒ B : K−.

Proof: By Theorems 80 and 74.

14.2 Soundness of Algorithmic Equality

In this section we show the soundness of algorithmic equality with respect to defi-

nitional equality. In general this does not hold since the algorithmic equality does

not force the objects being compared to be well-typed, or even have the same types.

However, if we restrict attention to well-typed objects of the same type, then we get

a soundness result.

A further difficulty lies in the simplified type structure, used by the algorithmic

equality, which ignores linearity and ordering constraints. We must therefore rely

upon the objects’ typing derivations to recover hypothesis management, required by

definitional equality derivations, satisfying linearity and ordering constraints. How-

ever, due to the presence of >, two typing derivations for equal objects can disagree

about which linear and ordered hypotheses are consumed in a derivation branch. The

solution adopted in [59] gets around this problem by constructing a mediating object,

for algorithmically equal objects, which is definitionally equal to both given objects.

Before proceeding to the main lemma, we need to show the following result.

Lemma 82 (Subject Reduction)

Mwhr−→M ′ and Γ; ∆; Ω ` M : A implies Γ; ∆; Ω `M = M ′ : A.

219

Proof: By induction on the given weak head reduction derivation making use of

Lemmas 62, 67 and 59.

We may now prove the following lemma which directly implies the result we want.

Lemma 83 (Algorithmically Equal Well-Formed Terms Have Mediating Terms)

Assume ` Γ uctx and Γ ` ∆1 lctx and Γ ` ∆2 lctx and Γ ` Ω1 lctx and

Γ ` Ω2 octx.

1. Γ; ∆1; Ω1 ` M : A and Γ; ∆2; Ω2 ` N : A and Ψ `M ⇐⇒ N : A− and

Ψ ≥ Γ−∆−1 Ω−1 and Ψ ≥ Γ−∆−2 Ω−2 implies

∃P. Γ; ∆1; Ω1 ` P = M : A and Γ; ∆2; Ω2 ` P = N : A.

2. Γ; ∆1; Ω1 ` M : A and Γ; ∆2; Ω2 ` N : B and Ψ `M ←→ N : τ


∃C, P. Γ ` C = A : type and Γ ` C = B : type

and Γ; ∆1; Ω1 ` P = M : C and Γ; ∆2; Ω2 ` P = N : C

and A− = B− = C− = τ .

3. Γ ` A : K and Γ ` B : K and Γ− ` A⇐⇒ B : K− implies Γ ` A = B : K.

4. Γ ` A1 : K1 and Γ ` A2 : K2 and Γ− ` A1 ←→ A2 : κ implies

Γ ` A1 = A2 : K1 and Γ ` K1 = K2 : kind and K−1 = K−2 = κ.

5. Γ ` K : kind and Γ ` K ′ : kind and Γ− ` K ←→ K ′ : kind−

implies Γ ` K = K ′ : kind.

Proof: By induction on the given algorithmic equality derivation using inversion and

injectivity properties.

Theorem 84 (Soundness of Algorithmic Equality)


1. Γ; ∆; Ω `M : A and Γ; ∆; Ω ` N : A and Γ−∆−Ω− `M ⇐⇒ N : A−

implies Γ; ∆; Ω `M = N : A.


220

Proof: By Lemma 83, symmetry and transitivity.

Now that we have shown the correctness of algorithmic equality, with respect to

definitional equality, we are ready to show decidability of OLF type-checking.

221

222

Chapter 15

Decidability and Canonical Forms

In this chapter we show that the type checking for OLF is decidable and that there ex-

ists a notion of canonical form in OLF suitable for logical framework representations.

We first show that algorithmic equality is decidable. We then use the correctness of

algorithmic equality, Theorems 81 and 84, to show decidability of type-checking.

The notion of canonical form we will define will come from the algorithmic equal-

ity derivations. Specifically, we will make use of the fact that the mediating terms

mentioned in Lemma 83 are unique up to the type labels on bound variables. We will

define a canonical representation for each equivalence class of mediating terms which

will serve as a representative for a given type.

15.1 Decidability of Equality

An object is normalizing if it is algorithmically equal to some other object.

Lemma 85 (Decidability of Normalizing Terms)

1. Ψ `M ⇐⇒M ′ : τ and Ψ ` N ⇐⇒ N ′ : τ implies

it is decidable whether Ψ `M ⇐⇒ N : τ .

2. Ψ `M ←→M ′ : τ1 and Ψ ` N ←→ N ′ : τ2 implies

it is decidable whether Ψ `M ←→ N : τ3 for some τ3.

3. Ψ ` A⇐⇒ A′ : κ and Ψ ` B ⇐⇒ B′ : κ implies

it is decidable whether Ψ ` A⇐⇒ B : κ.

223

4. Ψ ` A←→ A′ : κ1 and Ψ ` B ←→ B′ : κ2 implies

it is decidable whether Ψ ` A←→ B : κ3 for some κ3.

5. Ψ ` K1 ⇐⇒ K ′1 : kind− and Ψ ` K2 ⇐⇒ K ′2 : kind− implies

it is decidable whether Ψ ` K1 ⇐⇒ K2 : kind−.

Proof: By induction on the structure of the given derivation using Lemma 70.

Lemma 86 (Decidability of Algorithmic Equality)

1. Γ; ∆; Ω `M : A and Γ; ∆; Ω ` N : A implies

it is decidable whether Γ−∆−Ω− ` M ⇐⇒ N : A−.

2. Γ ` A : K and Γ ` B : K implies

it is decidable whether Γ− ` A⇐⇒ B : K−.

3. Γ ` K : kind− and Γ ` K ′ : kind− implies

it is decidable whether Γ− ` K ⇐⇒ K ′ : kind−.

Proof: By Lemma 58 and Theorem 81 both M and N are normalizing. Then, by

Lemma 85 we are done.

Theorem 87 (Decidability of Definitional Equality)

Γ; ∆; Ω `M : A and Γ; ∆; Ω ` N : A implies

it is decidable whether Γ; ∆; Ω `M = N : A.

Γ ` A : K and Γ ` B : K implies

it is decidable whether Γ ` A = B : K.

Γ ` K : kind and Γ ` K ′ : kind implies

it is decidable whether Γ ` K = K ′ : kind.

Proof: By Theorems 81, 84 and Lemma 86.

224

15.2 Decidability of OLF Type-Checking

We now present a decidable version of the typing rules from Section 13.2 which is

essentially a trivial extension of the algorithmic type-checking rules given in [24].

These rules use algorithmic equality, rather than definitional equality, and should be

used in a bottom-up fashion.

We introduce the following new judgements for algorithmic type-checking:

Γ ` K ⇒ kind K is a valid kind

Γ ` A⇒ K A has kind K

Γ; ∆; Ω `M ⇒ A M has type A

We may operationally think of everything to the left of ⇒ as input and the family,

or kind, to the right of ⇒ as output.

Kinds

Γ ` type⇒ kind

Γ ` A⇒ type Γ(x:A) ` K ⇒ kind

Γ ` Πx:A. K ⇒ kind

Families

a:K ∈ Σ

Γ ` a⇒ K

Γ ` A⇒ Πx:B. K Γ `M ⇒ B′ Γ− ` B ⇐⇒ B′ : type

Γ ` AM ⇒ K[M/x]

Γ ` A1 ⇒ type Γ(x:A1) ` A2 ⇒ type

Γ ` Πx:A1. A2 ⇒ type

Objects

c:A ∈ Σ

Γ; ·; · ` c⇒ A

x:A ∈ Γ

Γ; ·; · ` x⇒ A Γ; y:A; · ` y ⇒ A Γ; ·; z:A ` z ⇒ A

Γ ` A′ ⇒ type Γ(x:A′); ∆; Ω `M ⇒ A

Γ; ∆; Ω ` λx:A′. M ⇒ Πx:A′. A

Γ; ∆; Ω `M ⇒ Πx:B. A Γ; ·; · ` M ′ ⇒ B′ Γ− ` B ⇐⇒ B′ : type

Γ; ∆; Ω `MM ′ ⇒ A[M ′/x]

225

Γ ` A′ ⇒ type Γ; ∆(y:A′); Ω ` M ⇒ A

Γ; ∆; Ω ` λy:A′. M ⇒ A′ −A

Γ; ∆; Ω `M ⇒ B −A Γ; ∆′; · `M ′ ⇒ B′ Γ− ` B ⇐⇒ B′ : type

Γ; ∆ ./ ∆′; Ω `MˆM ′ ⇒ A

Γ ` A′ ⇒ type Γ; ∆; Ω(z:A′) `M ⇒ A

Γ; ∆; Ω ` λ>z:A′. M ⇒ A′A

Γ; ∆; Ω ` M ⇒ BA Γ; ∆′; Ω′; · `M ′ ⇒ B′ Γ− ` B ⇐⇒ B′ : type

Γ; ∆ ./∆′; ΩΩ′ ` M >

M ′ ⇒ A

Γ ` A′ ⇒ type Γ; ∆; (z:A′)Ω `M ⇒ A

Γ; ∆; Ω ` λ<z:A′. M ⇒ A′A

Γ; ∆; Ω `M ⇒ B A Γ; ∆′; Ω′; · `M ′ ⇒ B′ Γ− ` B ⇐⇒ B′ : type

Γ; ∆ ./∆′; Ω′Ω ` M<

M ′ ⇒ A

Γ; ∆; Ω ` 〈〉 ⇒ >Γ; ∆; Ω `M1 ⇒ A1 Γ; ∆; Ω `M2 ⇒ A2

Γ; ∆; Ω ` 〈M1 , M2〉 ⇒ A1 &A2

Γ; ∆; Ω `M ⇒ A1 &A2

Γ; ∆; Ω ` fstM ⇒ A1

Γ; ∆; Ω `M ⇒ A1 &A2

Γ; ∆; Ω ` sndM ⇒ A2

Γ; ∆; Ω ` M ⇒ A Γ ` A = A′ ⇒ type

Γ; ∆; Ω `M ⇒ A′

Note that these typing rules are completely syntax-directed; each form of object ap-

pears in the conclusion of only one rule, whose premises contain only subcomponents

of the object; and similarly for families and kinds.

We also assume new algorithmic type-checking based judgements to check validity

for signatures and contexts.

226

Lemma 88 (Correctness of Algorithmic Type-Checking)

1. Γ; ∆; Ω `M ⇒ A implies Γ; ∆; Ω `M : A.

2. Γ; ∆; Ω `M : A implies

∃A′. Γ; ∆; Ω ` A = A′ : type and Γ; ∆; Ω `M ⇒ A′.

Proof: Part 1 is proved by induction on the structure of the given derivation using

Lemma 63, Theorem 84, and the type conversion rule.

Part 2 is proved by induction on the structure of the given derivation using tran-

sitivity definitional equality rules, Lemma 66 and Theorem 81.

Theorem 89 (Decidability of Type-Checking)

1. ` Γ uctx is decidable.

2. ` Γ uctx implies Γ ` ∆ lctx and Γ ` Ω octx are decidable.

3. ` Γ uctx and Γ ` ∆ lctx and Γ ` Ω octx

implies Γ; ∆; Ω `M : A is decidable.

4. ` Γ uctx implies Γ ` A : K is decidable.

5. ` Γ uctx implies Γ ` K : kind is decidable.

Proof: There exists at most one A′ such that Γ; ∆; Ω ` M ⇒ A′ since the algo-

rithmic typing rules are syntax-directed and algorithmic equality is decidable. Then

by Lemma 88, Γ; ∆; Ω ` M : A iff Γ ` A = A′ : type which can be decided by

checking Γ− ` A⇐⇒ A′ : type−.

15.3 Canonical Forms

We now turn our attention to identifying canonical forms for OLF.

We will start off by instrumenting the algorithmic equality judgements to produce

the mediating object for two equal objects. These mediating objects will be unique.

However, since algorithmic equality uses simplified types, we will not be able to

227

construct an actual OLF object (we can recover the type-labels later from the actual

type of the terms).

Rather we will construct an OLF object without the type labels on bound vari-

ables. This object will be unique. We will call such objects quasi objects and define

them as follows:

Quasi objects Q ::= x | y | z |λx. Q | Q1Q2 |λy. Q | Q1

ˆQ2 |λ>z. Q | Q1

>Q2 |

λ<z. Q | Q1

<Q2 |

〈Q1 , Q2〉 | fstQ | sndQ | 〈〉

We can now define the notions of quasi-canonical and quasi-atomic form, with the

usual two mutually recursive judgments:

Γ; ∆; Ω ` Q ⇑ A Q is quasi-canonical at type A

Γ; ∆; Ω ` Q ↓ A Q is quasi-atomic at type A

The derivation rules for these judgements are as follows:

Variables

uvarΓ1(x:A)Γ2; ·; · ` x ↓ A

lvarΓ; y:A; · ` y ↓ A

ovarΓ; ·; z:A ` z ↓ A

Atomic Types.

Γ; ∆; Ω ` Q ↓ a′ Γ ` a′ = a : typecoercion

Γ; ∆; Ω ` Q ⇑ a

228

Unrestricted Functions.

Γ(x:A); ∆; Ω ` Q′ ⇑ BΠI

Γ; ∆; Ω ` λx. Q′ ⇑ Πx:A. B

Γ; ∆; Ω ` Q ↓ Πx:A. B Γ; ·; · ` Q′ ⇑ AΠE

Γ; ∆; Ω ` QQ′ ↓ B[(Q′)]A/x]

Linear Functions.

Γ; ∆(y:A); Ω ` Q′ ⇑ B−I

Γ; ∆; Ω ` λy. Q′ ⇑ A−B

Γ; ∆; Ω ` Q ↓ A−B Γ; ∆′; · ` Q′ ⇑ A−E

Γ; ∆ ./∆′; Ω ` QˆQ′ ↓ B

Right Ordered Functions.

Γ; ∆; Ω(z:A) ` Q′ ⇑ BI

Γ; ∆; Ω ` λ>z. Q′ ⇑ AB

Γ; ∆; Ω ` Q ↓ AB Γ; ∆′; Ω′ ` Q′ ⇑ AE

Γ; ∆ ./ ∆′; ΩΩ′ ` Q>

Q′ ↓ B

Left Ordered Functions.

Γ; ∆; (z:A)Ω ` Q′ ⇑ BI

Γ; ∆; Ω ` λ<z. Q′ ⇑ AB

Γ; ∆; Ω ` Q ↓ AB Γ; ∆′; Ω′ ` Q′ ⇑ AE

Γ; ∆ ./ ∆′; Ω′Ω ` Q<

Q′ ↓ B

Additive Pairs.

Γ; ∆; Ω ` Q1 ⇑ A Γ; ∆; Ω ` Q2 ⇑ B&I

Γ; ∆; Ω ` 〈Q1 , Q2〉 ⇑ A&B

Γ; ∆; Ω ` Q ↓ A&B&E1

Γ; ∆; Ω ` fstQ ↓ AΓ; ∆; Ω ` Q ↓ A&B

&E2Γ; ∆; Ω ` sndQ ↓ B

229

Additive Unit.

>IΓ; ∆; Ω ` 〈〉 ⇑ >

Given a derivation of Γ; ∆; Ω ` Q ⇑ A, one may produce an actual OLF object by

adding type labels to Q. We use the notation (Q)]A to denote this operation. Note

that this operation is compositional, i.e., (Q[Q′/x])]A = (Q)]A[(Q′)]A′/x] where A is the

(given) type of the whole term, and A′ is the type of variable x in context.

We make use of the following properties of quasi-canonical forms.

Lemma 90

1. Γ1Γ2; ∆; Ω ` Q ⇑ A implies Γ1ΓΓ2; ∆; Ω ` Q ⇑ A.

2. Γ; ∆; Ω1(z:A′)Ω2 ` Q ⇑ A implies Γ(x:A′); ∆; Ω1Ω2 ` Q[x/z] ⇑ A.

3. Γ; ∆1(y:A′)∆2; Ω ` Q ⇑ A implies Γ(x:A′); ∆1∆2; Ω ` Q[x/z] ⇑ A.


Note that quasi-canonical objects are simply objects in βη-long form which are

missing type labels on bound variables.

Theorem 91

Assume Γ ` A : type.

1. Γ; ∆; Ω ` Q ⇑ A implies Γ; ∆; Ω ` (Q)]A : A.

2. Γ; ∆; Ω ` Q ↓ A implies Γ; ∆; Ω ` (Q)]A : A.


We use the notation M [ for the result of erasing type labels from an OLF objectM

to get a quasi object. Note that this operation is compositional, i.e., (M [M ′/x])[ =

(M)[[(M ′)[/x].

We now restate Lemma 83 to explicitly characterize the form of the mediating

terms using the quasi canonical judgements.

230

Lemma 92 (Almost Canonical Forms)

Assume ` Γ uctx and Γ ` ∆1 lctx and Γ ` ∆2 lctx and Γ ` Ω1 lctx and

Γ ` Ω2 octx.

1. Γ; ∆1; Ω1 ` M : A and Γ; ∆2; Ω2 ` N : A and Ψ `M ⇐⇒ N : A− and


there exists a P such that

Γ; ∆1; Ω1 ` P = M : A and Γ; ∆2; Ω2 ` P = N : A and

Γ; ∆1; Ω1 ` (P )[ ⇑ A and

P is unique up definitional equality of type labels.

2. Γ; ∆1; Ω1 ` M : A and Γ; ∆2; Ω2 ` N : B and Ψ `M ←→ N : τ

and Ψ ≥ Γ−∆−1 Ω−1 and Ψ ≥ Γ−∆−2 Ω−2 implies

there exists C and P such that

Γ ` C = A : type and Γ ` C = B : type and

Γ; ∆1; Ω1 ` P = M : C and Γ; ∆2; Ω2 ` P = N : C and

A− = B− = C− = τ and Γ; ∆1; Ω1 ` (P )[ ↓ C and

P is unique up to definitional equality of type labels.


4. Γ ` A1 : K1 and Γ ` A2 : K2 and Γ− ` A1 ←→ A2 : κ implies

Γ ` A1 = A2 : K1 and Γ ` K1 = K2 : kind and K−1 = K−2 = κ.

5. Γ ` K : kind and Γ ` K ′ : kind and Γ− ` K ←→ K ′ : kind−

implies Γ ` K = K ′ : kind.

Proof: By induction on the given algorithmic equality derivation using inversion and

injectivity properties.

Define acnf(M) to be the P resulting from an application of Lemma 92 to two

derivations of Γ; ∆; Ω `M : A.

Theorem 93 (Quasi-Canonical Forms)

Γ; ∆; Ω `M : A implies Γ; ∆; Ω ` (acnf(M))[ ⇑ A.

Proof: Direct from Lemma 92.

231

As stated in Lemma 92, for a given well-typed OLF term M , its almost-canonical

form, acnf(M), is unique up to typing labels. Therefore, the quasi-canonical, (acnf(M))[,

is unique. Thus we can use quasi-canonical forms for logical framework representa-

tions.

Lemma 94

1. Γ; ∆; Ω `M : A implies ((acnf(M))[)]A = acnf(M).

2. Γ; ∆; Ω ` Q ⇑ A implies ((Q)]A)[ = Q and acnf((Q)]A) = (Q)]A.


We have the following special substitution properties for quasi-canonical forms.

Note that the type being substituted into must be constant.

Lemma 95

1. Γ; ·; · ` Q′ ↓ a and Γ(x:a)Γ′; ∆; Ω ` Q ⇑ A implies

Γ(Γ′[(Q′)]a/x]); ∆[(Q′)]a/x]; Ω[(Q′)]a/x] ` Q[Q′/x] ⇑ A.

2. Γ; ∆′; · ` Q′ ↓ a and Γ; ∆1(y:a)∆2; Ω ` Q ⇑ A implies

Γ; (∆1 ./∆′)∆2; Ω ` Q[Q′/y] ⇑ A.

3. Γ; ∆′; Ω′ ` Q′ : a and Γ; ∆ ./ ∆′; Ω1(z:a)Ω2 ` Q ⇑ A implies

Γ; ∆; Ω1Ω′Ω2 ` Q[Q′/z] ⇑ A.

4. Γ; ·; · ` Q′ ↓ a and Γ(x:a)Γ′; ∆; Ω ` Q ↓ A implies

Γ(Γ′[(Q′)]a/x]); ∆[(Q′)]a/x]; Ω[(Q′)]a/x] ` Q[Q′/x] ↓ A.

5. Γ; ∆′; · ` Q′ ↓ a and Γ; ∆1(y:a)∆2; Ω ` Q ↓ A implies

Γ; (∆1 ./∆′)∆2; Ω ` Q[Q′/y] ↓ A.

6. Γ; ∆′; Ω′ ` Q′ : a and Γ; ∆ ./ ∆′; Ω1(z:a)Ω2 ` Q ↓ A implies

Γ; ∆; Ω1Ω′Ω2 ` Q[Q′/z] ↓ A.

232

Proof: Direct from Lemma 59, Lemma 94, Theorem 93, Theorem 91, the compo-

sitionality of (−)] and (−)[, and the fact that the substitution of a constant type

introduces no new redices.

The next section shows an example of how OLF may be used to represent deductive

systems. The adequacy proofs for the example will illustrate how quasi-canonical

forms really are strong enough for OLF representations. Chapter 16 shows how OLF

can be used to analyze syntactic properties of the CPS transform.

233

15.4 DeBruijn Terms in OLF

In this section we show a small example application of OLF. In Chapter 10 we gave

an Olli program for translating regular lambda terms to deBruijn terms (or vice-

versa). We will now recast that example in OLF and prove the correctness of our

OLF representation. We begin by reviewing the formal definition of regular terms,

deBruijn terms, and the translation between the two.

Regular Terms e ::= x | e1 e2 | λx. e

deBruijn Terms e′ ::= 1 | e′ ↑ | e′1 e′2 | Λe′

We use λ for regular terms to distinguish them from unrestricted OLF functions

written with λ.

We use the judgement

x1 . . . xn ` e↔ e′

to translate between regular and deBruijn terms. We use K to stand for x1 . . . xn.

Here are the derivation rules for our translation judgement.

K ` e1 ↔ e′1 K ` e2 ↔ e′2tr app

K ` e1 e2 ↔ e′1 e′2

K x ` e↔ e′tr lamx

K ` λx. e↔ Λ e′

tr 1K x ` x↔ 1

K ` e↔ e′tr ↑

K x ` e↔ e′ ↑

where x does not occur in K in the tr lamx rule.

We can now write down an OLF signature with constants for representing all of

the above judgements and rules. We start with the abstract syntax for regular and

deBruijn terms:

exp : type.

lam : (exp→ exp)→ exp.

app : exp→ exp→ exp.

exp’ : type.

lam’ : exp’→ exp’.

app’ : exp’→ exp’→ exp’.

shift : exp’→ exp’.

one : exp’.

Note that these constants are the same as the signature used by the Olli translation

program.

234

We define the following representation function (p−q), and its inverse (x−y), which

form a bijection between regular terms and quasi-canonical objects:

pxq = x

pλx. eq = lam (λx. peq)pe1 e2q = app pe1q pe2q

xxy = x

xlam (λx. E)y = λx. xEyxappE1E2y = xE1y xE2y

Note that pe[e1/x]q = peq[pe1q/x].

Lemma 96 For every regular term e

Γ; ·; · ` peq ⇑ exp

where Γ = x1:exp . . . xn:exp for each xi free in e.

Proof: By structural induction on e.

Note that Γ; ·; · ` (peq)]exp : exp.

Lemma 97

Γ; ·; · ` Q ⇑ exp implies xQy is a well-formed regular term.

Proof: Immediate from fact that x−y is a function.

Note that Γ; ·; · ` (Q)]exp : exp.

Theorem 98

1. x((peq)]exp)[y = e.

2. Γ; ·; · `M : exp implies (px(acnf(M))[yq)]exp = acnf(M).

Proof: Direct from previous definitions, Lemma 94 and Theorem 93.

We define the following function (p−q), and its inverse (x−y), which form a bi-

jection between deBruijn terms and quasi-canonical objects:

p1q = one

pe′ ↑q = shift pe′qpΛe′q = lam’ pe′qpe′1 e′2q = app’ pe′1q pe′2q

xoney = 1

xshiftE′y = xE′y ↑xlam’E′y = ΛxE′y

xapp’E′1E′2y = xE′1y xE′2y

Note that the quasi-canonical objects do not contain variable binders and thus are

also actual OLF objects.

235

Lemma 99 For every deBruijn term e′

·; ·; · ` pe′q ⇑ exp’

Proof: By structural induction on e′.

Lemma 100

·; ·; · ` Q ⇑ exp’ implies xQy is a well-formed deBruijn term.


Theorem 101

1. x((pe′q)]exp’)[y = e′.

2. Γ; ·; · `M : exp’ implies (px(acnf(M))[yq)]exp’

= acnf(M).

Proof: Direct from previous definitions, Lemma 94 and Theorem 93.

We now move on to the translation judgements. Because we will use the ordered

context to implicitly represent the environments (K from the translation judgements

given at the beginning of this section) we also need to define a helper constant which

allows us to store terms of type exp in the ordered context.

tr : exp→ exp’→ type.

var : exp→ type.

236

We can now define constructors to represent the derivation rules.

tr app’ : ΠE1:exp. ΠE1′:exp’. ΠE2:exp. ΠE2′:exp’.

trE1E1′ & trE2E2′tr (appE1E2) (app’E1′E2′).

tr lam’ : ΠE:exp→ exp. ΠE′:exp’.

(Πx:exp. var x tr (E x)E′)tr (lamE) (lam’E′).

tr one : ΠE:exp.

>varEtrE one.

tr shift : ΠF :exp. ΠE:exp. ΠE′:exp’.

trEE′varFtrE (shiftE′).

Note that these declarations are the clauses of the Olli translation program.

We define d−e and b−c on variable lists and ordered contexts as follows:

d·e = · dK xe = dKe (v:var x) (for fresh v)

b·c = · bΩ (v:var x)c = bΩc x

Lemma 102

K ` e↔ e′ implies there exists a Q such that

Γ; ·; dKe ` Q ⇑ tr (peq)]exp (pe′q)]exp’where Γ = x1:exp . . . xn:exp for each xi in K.


Note that Γ; ·; dKe ` (Q)]tr (peq)]exp (pe′q)]exp’

: tr (peq)]exp (pe′q)]exp’

.

Lemma 103

Γ; ·; v1:var x1 . . . vn:var xn ` Q ⇑ trEE′ implies

bv1:var x1 . . . vn:var xnc ` x(acnf(E))[y↔ x(acnf(E′))[y.


237

Note that Γ; ·; v1:var x1 . . . vn:var xn ` (Q)]trEE′ : trEE′.

The representation function implicit in Lemma 102 and its inverse in Lemma 103

form a bijection between equivalence classes (up to definitional equality of type labels)

of “almost” canonical forms for type family tr and informal translations. This is easily

proved by using inversion properties of the quasi-canonical judgements.

238

Chapter 16

CPS Analysis in OLF

In this chapter we show how an ordered logical framework supports the representation

of CPS terms and a machine for their evaluation. The ordering properties of CPS

terms which at first appear somewhat ad hoc are directly captured as typing prop-

erties in the representation that are preserved during evaluation. Complicated stack

invariants can be recognized as uniform substitution properties, providing an example

of how the organizing principles of a logical framework can contribute conceptually

to our understanding of object languages.

The rest of this chapter is organized as follows. In section 16.1 we review CPS

terms and their occurrence invariants. In section 16.2 we give a representation of CPS

terms in an ordered logical framework in which the occurrence invariants are implicit

in the ordered types. In sections 16.3, 16.4 and 16.5, we give representations of the

CPS transformation and different evaluation models for CPS terms. In section 16.6

we show how the relationship between the bare evaluation and stack evaluation of

a term can be formalized in OLF. We then use this formalization to give a proof

that the machines produce the same result. Finally we give some conclusions and

directions for further work in section 16.7.

16.1 CPS terms

In this section we review CPS terms and their ordering properties as investigated

in [15, 14].

239

We use the following syntax for direct style (DS) terms:

DS Roots r ::= e

DS Expressions e ::= e1 e2 | tDS Trivial Expressions t ::= λx. r | x

and for CPS terms:

Root Terms r ::= λk. e

Serious Terms e ::= t1 t2 c | c tTrivial Terms t ::= λx. r | x | vContinuation Terms c ::= λv. e | k

Note that in the CPS syntax, we are distinguishing trivial variables x which are

parameters of functions from trivial variables v which are parameters to continuations.

We formulate the left-to-right call-by-value CPS transform as three mutually re-

cursive judgements. A direct-style term r is transformed into a CPS term r′ whenever

the judgment

` r DR−→ r′

is satisfied. Given a CPS continuation c, a direct-style expression e is transformed

into a CPS expression e′ whenever the judgment

` e ; cDE−→ e′

is satisfied. Finally, a direct-style trivial expression t is transformed into a CPS trivial

expression t′ whenever the judgment

` t DT−→ t′

is satisfied.

` e ; kDE−→ e′

` e DR−→ λk. e′

` t DT−→ t′

` t ; cDE−→ c t′

` e2 ; λv2. v1 v2 cDE−→ e′2 ` e1 ; λv1. e

′2DE−→ e′

(v1 not free in conclusion)` e1 e2 ; c

DE−→ e′

240

` x DT−→ x

` r DR−→ r′

` λx. r DT−→ λx. r′

Terms resulting from a left-to-right call-by-value CPS translation of direct-style

terms satisfy properties in addition to the CPS syntax, both on occurrences of con-

tinuation identifiers k and the parameters v of continuations. In [15] the occurrence

properties on continuation identifiers and parameters are separately specified with

two judgment families. However these occurrences are tightly coupled and may be

naturally captured with just one family of judgments as follows. We shall use four

mutually recursive judgments

Root r Φ Exp e Φ Triv t Φ Cont c

where Φ is a stack of both continuation identifiers and parameters:

Φ ::= · | Φ, k | Φ, v

We have the following inference rules for these judgements:

k Exp e

Root λk. e

Φt Triv t Φc Cont c

ΦcΦt Exp c t

Φ1 Triv t1 Φ0 Triv t0 Φc Cont c

ΦcΦoΦ1 Exp t0 t1 c

· Triv x

Root r

· Triv λx. r v Triv v

k Cont k

Φ, v Exp e

Φ Cont λv. e

Our presentation is general enough to serve as a target for both Plotkin’s origi-

nal call-by-value CPS transform and a one-pass version which avoids administrative

redices.

It is easy to see that continuation identifiers, k, are used linearly in each root

term and that continuation parameters, v, form a stack during the processing of

each serious term. Furthermore, each k is used in a serious term only after all local

241

parameters to continuations are used. These properties can be precisely captured

with ordered types.

We next show how to prove that ` r DR−→ r′ implies Root r′ with the aid of an

ordered logical framework.

16.2 Ordered Logical Framework Representation

We will now show how the OLL type theory presented in Chapter 13 provides exactly

what is needed to capture and reason about the ordering properties of CPS terms.

For the sake of readability, we will elide an explicit type argument, A, for the labeling

operation, (−)]A; this should not cause any ambiguity since the necessary type will be

apparent from the context. Furthermore, we will use the notation A′→ A to stand

for Πx:A′. A when x does not appear free in A. Finally, since our representation will

not use linear hypotheses, we elide the linear context in all of our judgements.

16.2.1 DS Terms

Our representation of DS terms will use three basic types corresponding to the three

kinds of DS terms.

droot : type. dexp : type. dtriv : type.

We will then build our representations from term constructors corresponding to

DS terms. Note that representation uses higher-order abstract syntax, so object level

functions are represented by meta-level functions.

e2r : dexp→ droot.

dapp : dexp→ dexp→ dexp.

t2e : dtriv→ dexp.

dlam : (dtriv→ droot)→ dtriv.

Given the previous signature, there is an obvious compositional bijection between

DS terms and quasi-canonical objects in the above signature. This bijection is estab-

lished by the following mutually recursive representation functions, p−qR,p−qE,p−qT ,

and their inverses x−yR,x−yE,x−yT .

peqR = e2r peqE xe2rEyR = xEyE

242

pe0 e1qE = dapp pe0qE pe1qE xdappE0E1yE = xE0yE xE1yEptqE = d2e ptqT xd2eTyE = xTyT

pλx. rqT = dlam (λx. prqR) xdlam (λx. R)yT = λx. xRyRpxqT = x xxyT = x

Lemma 104

For every DS term e where Γ = x1:dtriv . . . xn:dtriv for each xi free in e:

1. Γ; ·; · ` peqR ⇑ droot

2. Γ; ·; · ` peqE ⇑ dexp

3. Γ; ·; · ` peqT ⇑ dtriv

Proof: By structural induction on e.

Lemma 105

1. Γ; ·; · ` Q ⇑ droot implies xQyR is a well-formed DS root.

2. Γ; ·; · ` Q ⇑ dexp implies xQyE is a well-formed DS expression.

3. Γ; ·; · ` Q ⇑ dexp implies xQyT is a well-formed DS trivial term.


16.2.2 CPS Terms

Our representation of CPS terms will use four basic types corresponding to the four

kinds of CPS terms.

root : type. exp : type. triv : type. cont : type.

We will then build our representations from term constructors corresponding to

CPS terms. The use of ordered types forces the CPS term representations to have

243

the linearity and ordering constraints noted at the end of section 16.1.

klam : (cont exp)→ root.

kapp : cont triv exp.

app : cont triv triv exp.

lam : (triv→ root)→ triv.

vlam : (triv exp) cont.

The intuition behind these type declarations may best be gleaned from the repre-

sentation function and its adequacy theorem below. Note that a positive occurrence

of an unrestricted function → as in the type of klam imposes a restriction on the

corresponding argument: it may not depend on the continuation k or parameters v.

On the other hand, a negative occurrence of → as in the type of lam licenses the un-

restricted use of the corresponding bound variable x. The right ordered functions impose the stack-like discipline on parameters of continuations and the continuations

themselves explained in the previous section.

Given the previous signature, there is a compositional bijection between CPS

terms satisfying the occurrence conditions and quasi-canonical objects in the above

signature. This bijection is established by the following representation function, p−qand its inverse x−y.

pλk. eq = klam (λ>kpeq) xklam (λ

>k. E)y = λk. xEy

pt0 t1 cq = app>pcq>pt0q

>pt1q xapp>C

>T0

>T1y = xT0y xT1y xCy

pc tq = kapp>pcq>ptq xkapp

>C

>Ty = xCy xTy

pλx. rq = lam (λx. prq) xlam (λx. R)y = λx. xRypxq = x xxy = x

pvq = v xvy = v

pλv. eq = vlam>

(λ>v. peq) xvlam

>(λ>v. E)y = λv. xEy

pkq = k xky = k

p·q = · x·y = ·pΦ, vq = pΦq, v:triv xΦ, v:trivy = xΦy, vpΦ, kq = pΦq, k:cont xΦ, k:conty = xΦy, k

Note that and xpuqy = u for any term u. Additionally, since variables are mapped to

variables, the representation function and its inverse are compositional (i.e., commute

with substitution).

244

We formally prove the correspondence in two parts.

Theorem 106 (Representations are Canonical Forms)

Consider terms r, e, and t with free ordinary variables among x1, . . . , xn and let

Γ = x1:triv . . . xn:triv.

1. If Root r then Γ; · ` prq ⇑ root.

2. If Φ Exp e then Γ; pΦq ` peq ⇑ exp.

3. If Φ Triv t then Γ; pΦq ` ptq ⇑ triv.

4. If Φ Cont c then Γ; pΦq ` pcq ⇑ cont.

Proof: By induction on the structure of the given derivations. We give a represen-

tative case.

case:

k Exp e

Root λk. e

Γ; k:cpair ` peq ⇑ exp ind. hyp.

Γ; · ` λ>k. peq ⇑ cpair exp I

Γ; · ` klam ↓ (cpair exp)→ root const

Γ; · ` klam (λ>k. peq) ⇑ root →E, coercion

Theorem 107 (Canonical Forms are Representations)

Let Γ = x1:triv, . . . , xn:triv be given.

1. For any Q such that Γ; · ` Q ⇑ root,

xQy is defined and Root xQy.

2. For any Ω = v1:triv . . . vn:triv and Q with Γ; k:cont,Ω ` Q ⇑ exp, xQy is defined

and k, xΩy Exp xQy.

3. For any Ω = v1:triv . . . vn:triv and Q such that Γ; Ω ` Q ⇑ triv,

xQy is defined and xΩy Triv xQy.

245

4. For any Ω = v1:triv . . . vn:triv and Q with Γ; k:cont,Ω ` Q ⇑ cont, xQy is defined

and k, xΩy Cont xQy.

Proof: By induction on the structure of the given canonical derivations. We give a

representative case.

case: Γ; · ` klam (λ>k. e) ⇑ root

Γ; · ` klam (λ>k. e) ↓ root inversion on coercion

Γ; · ` λ>k. e ⇑ cpair exp inversion on →E

Γ; k:cpair ` e ⇑ exp inversion on I

xey is defined, and k Exp xey ind. hyp.

Root λk. xey by definition

16.3 CPS Transform

We represent CPS transform with three basic types corresponding to the three judge-

ments of the transform.

cps r : droot→root→type. cps e : dexp→cont→exp→type. cps t : dtriv→triv→type.

We then use the following terms to construct representations of the CPS transform.

cps root : ΠE:dexp. ΠE′:cont exp.

(Πk:cont. cps eE k (E′>k))→ cps r (e2rE) (klamE′).

cps app : ΠE0:dexp. ΠE1:dexp. ΠC:cont. ΠE′1:triv exp. ΠE′:exp.

cps eE0 (vlam>E′1)E′→

(Πv0:triv. cps eE1 (vlam>λ>v1:triv. app

>C

>v0

>v1) (E′1

>v0))→

cps e (dappE0E1)C E′.

cps triv : ΠT :dtriv. ΠC:cont. ΠT ′:triv.

cps tT T ′→ cps e (t2eT )C (kapp>C

>T ′).

cps lam : ΠR:dtriv→ droot. ΠR′:triv→ root.

(Πx:dtriv. Πx′:triv. cps txx′→ cps r (Rx) (R′ x′))→cps t (dlamR) (lamR′).

246

We may now show the adequacy of above representation in two parts. In the infor-

mal translation we map variables x to themselves; in the formalization we map each

variable x from the direct-style term to a corresponding variable x′ in the continuation-

passing term. These variables and their relationship are captured in contexts

Γ = x1:dtriv . . . xn:dtriv

Γ′ = x′1:triv . . . x′n:triv

Γm = m1:cps tx1 x′1 . . .mn:cps txn x′n

which always occur together in this manner.

Theorem 108 (Representations are Canonical Forms) Let Γ∗ = Γ,Γ′,Γm be

a context of the form explained above that contains all free variables occurring in the

relevant judgment. Then

1. ` r DR−→ r′ implies ∃Q. Γ∗; · ` Q ⇑ cps r (prqR)] (pr′q)] and Root r′.

2. ` e ; cDE−→ e′ and Φ Cont c implies

∃Q. Γ∗, pΦq; ·; · ` Q ⇑ cps e (peqE)] (pcq)] (pe′q)] and Φ Exp e′.

3. ` t DT−→ t′ implies ∃Q. Γ∗; ·; · ` Q ⇑ cps t (ptqT )] (pt′q)] and · Triv t′.

Proof: By structural induction on the given derivation. We show a representative

case.

case:

` e2 ; λv2. v1 v2 cDE−→ e′2 ` e1 ; λv1. e

′2DE−→ e′

(v1 not free in conclusion)` e1 e2 ; c

DE−→ e′

Then

Φ Cont c assumption

v1 Triv v1 and v2 Triv v2 defn.

Φ, v1 Cont λv2. v1 v2 c defn.

(Γ∗, pΦq, v1:triv); · ` Q2 ⇑ cps e (pe2qE)] (vlam>λ>v2. app (pcq)] v1 v2) (pe′2q)]

and Φ, v1 Exp e′2 ind. hyp.

Γ∗; (pΦq, v1:triv) ` pe′2q ⇑ exp Theorem 106, Lemma 90

Γ∗; pΦq ` λ>v1. pe′2q ⇑ triv exp I

(Γ∗, pΦq); · ` λ>v1. pe′2q ⇑ triv exp Lemma 90

(Γ∗, pΦq); · ` λv1. Q2 ⇑

247

Πv1:triv. cps e (pe2qE)] (vlam>λ>v2. app (pcq)] v1 v2) (pe′2q)] ΠI

Φ Cont λv1. e′2 defn.

(Γ∗, pΦq); · ` Q1 ⇑ cps e (pe1qE)] (vlam>λ>v1. (pe′2q)]) (pe′q)]

and Φ Exp e′ ind. hyp.

(Γ∗, pΦq); · ` cps app pe1qE pe2qE pcq (λ>v1. pe′2q) pe′qQ1 (λv1. Q2) ⇑

cps e (dapp (pe1qE)] (pe2qE)]) (pcq)] (pe′q)] ΠE, coercion

Theorem 109 (Canonical Forms are Representations) Assume Γ only con-

tains variables of the following types: dtriv, triv, cps txx′ (for x, x′ in Γ), and cont.

Further assume the types below are canonical.

1. Γ; ·; · `M ⇑ cps rRR′ implies ` xRyR DR−→ xR′y.

2. Γ; ·; · `M ⇑ cps eE C E′ implies ` xEyE ; xCy DE−→ xE′y.

3. Γ; ·; · `M ⇑ cps tT T ′ implies ` xTyT DR−→ xT ′y.

Proof: By structural induction on the given canonical derivation. We give a repre-

sentative case.

case: Γ; · ` cps appE1E2C (λ>v1. E

′2)E

′D1 (λv1. D2) ⇑ cps e (dappE1E2)C E′

Then

Γ; · ` D1 ⇑ cps eE1 (vlam>

(λ>v1:triv. E′2))E′ inversion on ΠE

Note Γ; ·; · ` (λ>v1:triv. E′2)

>v1 = E′2 : exp

(Γ, v1:triv); · ` D2 ⇑cps eE2 (vlam

>(λ>v2:triv. app

>C

>v1

>v2))E′2 inversion on ΠE, ΠI

xE2yE;λv2. v1 v2 xCy DE−→ xE′2y ind. hyp.

xE1yE;λv1. E′2DE−→ xE′y ind. hyp.

Note v1 cannot be in Γ

xE2yE xE2yE; xPy DE−→ xE′y defn.

248

The adequacy of our representation implies that the terms resulting from a CPS

transformation satisfy the occurrence conditions of section 16.1.

` r DR−→ r′ implies Root r′.

It is also possible to represent a one-pass CPS transformation directly using third-

order constructors and still guarantee ordering properties for the results. A further

examination of this optimized translation is left as future work.

16.4 Bare Abstract Machine

We now begin extending our representation to include evaluation of CPS terms. We

will begin by showing a representation of a naive evaluator which makes no use of the

ordering invariants. The following is a bare abstract machine for CPS evaluation.

ÈxpB e → a

`RootB λk. e → a Èxp

B k t → t

ÈxpB e[t/v] → a

`RootB (λv. e) t → a

ÈxpB e[t/x][c/k] → a

`RootB (λx. λk. e) t c → a

Notice that this machine describes a regular big-step operational semantics for a

λ-calculus—every redex is reduced by a substitution.

We introduce two type constructors to represent bare evaluations:

evalrB : root→ triv→ type. evaleB : exp→ triv→ type.

Additionally, we introduce a new object to our signature for CPS terms:

ret : cont

ret1 will be substituted for the continuation identifiers, k, in bare evaluations. In order

to make the inverse representation function on objects well-defined, we augment it

1We chose the term ret for continuation identifiers since a continuation is not invoked until the

end of the current computation, thus it is like a return statement.

249

with a continuation identifier k when applied to a continuation term or a serious term:

xklam (λ>k. E)y = λk. xEyk

xapp>C

>T0

>T1yk = xT0y xT1y xCyk

xkapp>C

>Tyk = xCyk xTy

xlam (λx. R)y = λx. xRyxxy = x

xvy = v

xvlam>

(λ>v. E)yk = λv. xEykxkyk = k

xretyk = k

We use the following object constructors to represent bare evaluations:

evrB : ΠA:triv. ΠE:cont exp.

evaleB (E>

ret)A→ evalrB (klamE)A.

eveB 0 : ΠA:triv. evaleB (kapp>

ret>A)A.

eveB 1 : ΠA:triv. ΠT :triv. ΠE:triv exp.

evaleB (E>T )A→ evaleB (kapp

>(vlam

>E)

>T )A.

eveB app : ΠA:triv. ΠT :triv. ΠC:cont. ΠE:triv→ cont exp.

evaleB ((E T )>C)A→

evaleB (app>C

>(lam (λx:triv. klam (E x)))

>T )A.

We prove that our representation of bare evaluations is in bijective correspondence

with actual bare evaluations in two parts as follows.

Theorem 110 (Bare evaluations are canonical forms)

Assume r and e have no free x.

1. Root r, and `RootB r → a implies ∃Q. ·; · ` Q ⇑ evalrB (prq)] (paq)].

2. k Exp e, and ÈxpB e → a implies ∃Q. ·; · ` Q ⇑ evaleB (peq[ret/k])] (paq)].

Proof: By structural induction on the given canonical derivation.

case:

ÈxpB e[t/x][c/k] → a

ÈxpB (λx. λk. e) t c → a and k′ Exp (λx. λk. e) t c

Then

250

· Triv t and k Exp e and k′ Cont c inversion

·; · ` ptq ⇑ triv and x:triv; k:cont ` peq ⇑ exp and

·; k′:cont ` pcq ⇑ cont Theorem 106

·; · ` ptq ↓ triv and x:triv; k:cont ` peq ↓ exp and

·; k′:cont ` pcq ↓ cont inversion

·; k′:cont ` peq[ptq/x][pcq/k] ⇑ exp Lemma 95

k′ Exp e[t/x][c/k] Theorem 107

·; · ` Q ⇑ evaleB (pe[t/x][c/k]q[ret/k′])] (paq)] for some Q ind. hyp.

·; · ` eveB app paq ptq (pcq[ret/k′]) (λx. λ>k. peq)Q ⇑ ΠE

evaleB (app>

(pcq[ret/k′])]>

(lam λx:triv. klamλ>k:cont. (peq)])>(ptq)]) (paq)].

Theorem 111 (Canonical forms are bare evaluations)

1. ·; · ` Q ⇑ evalrB RA implies Root xRy and `RootB xRy → xAy.

2. ·; · ` Q ⇑ evaleB EA implies ÈxpB xEyk → xAy for any k.

Proof: By induction on the given canonical typing derivation making use of α-

conversion to allow choice of any k.

case: ·; · ` evrB AE D ⇑ evalr (klamE)A

Then

·; · ` E ⇑ cont exp and E = λ>k. E′ inversion

·; · ` D ⇑ evaleB (E′[ret/k])]A inversion

k Exp xE′[ret/k]yk and ÈxpB xE′[ret/k]yk → xAy ind. hyp.

Note xE′[ret/k]yk = xE′yk[xretky/k] = xE′yk.`RootB λk. xE′yk → xAy defn

In addition to proving that we really have represented bare evaluations, we have

also proved that bare evaluation preserves the ordering invariants of CPS terms. This

comes for free as a result of theorem 107.

251

16.5 Stack Abstract Machine

We now consider a more sophisticated evaluation model which makes use of the

ordering constraints on CPS terms. Rather than substituting for continuations and

continuation parameters, we can evaluate terms by keeping a stack of continuations

and their parameters and then effectively treating k and v as pop instructions.

We need stacks, φ, of both trivial terms and continuation terms for our stack

evaluator.

φ ::= · | φ, t | φ, c

We give a big step operational semantics for stack evaluation as follows:

• ÈxpSt e → a

`RootSt λk. e → a

φ `TrivSt t → a; •

φ ÈxpSt k t → a

φ `TrivSt t → t′;φ′, λv. e φ′, t′ Èxp

St e → a

φ ÈxpSt k t → a

φ `TrivSt t → t′;φ′ φ′, t′ Èxp

St e → a

φ ÈxpSt (λv. e) t → a

φ `TrivSt t1 → t;φ′ φ′ `Triv

St t0 → λx. λk. e;φ′′ φ′′ ÈxpSt e[t/x] → a

φ ÈxpSt t0 t1 k → a

φ `TrivSt t1 → t;φ′ φ′ `Triv

St t0 → λx. λk. e′;φ′′ φ′′, λv. e ÈxpSt e′[t/x] → a

φ ÈxpSt t0 t1 (λv. e) → a

φ `TrivSt λx. r → λx. r;φ φ, t `Triv

St v → t;φ

Notice that this machine only performs substitution to reduce redices between trivial

terms. Arguments to continuations are instead pushed onto the stack.

We show an OLF representation of the stack machine which uses the ordered

context to represent the stack. We introduce the following new type constructors for

representing stack evaluations:

evalrSt : root→ triv→ type. evaleSt : exp→ triv→ type. evalt : triv→ triv→ type.

252

Since we use the ordered context as a stack, we also need constructors which allow

us to put continuation terms and trivial terms into the ordered context:

cnt : cont→ type. var : triv→ type.

cnt and var will be used to represent continuation terms and trivial terms stored in

the stack. We also introduce a new object:

pop : triv

which will be substituted for the continuation parameters, v during stack evaluation.

As before we need to augment the inverse representation function with Φ as follows:

xklam (λ>k. E)y = λk. xEyk

xapp>C

>T0

>T1yΦΦ0Φ1 = xT0yΦ0 xT1yΦ1 xCyΦ

xkapp>C

>TyΦΦt = xCyΦ xTyΦt

xlam (λx. R)y· = λx. xRyxxy· = x

xvyv = v

xpopyv = v

xvlam>

(λ>v. E)yΦ = λv. xEyΦ,v

xkyk = k

xretyk = k

The inverse representation function is stated non-deterministically– the splittings for

Φ must be guessed. However, it is easy to see that the constraints on Φ in the

variable cases ensure there will be at most one correct splitting of Φ at any point in

the execution of the function.

253

We use the following term constructors to represent stack evaluations:

evrSt : ΠA:triv. ΠE:cont exp.

evaleSt (E>

ret)A→ evalrSt (klamE)A.

eveSt 0 : ΠA:triv. ΠT :triv.

evaltTA evaleSt (kapp>

ret>T )A.

eveSt 1 : ΠA:triv. ΠT :triv. ΠT ′:triv. ΠE:triv exp.

(varT ′ evaleSt (E>

pop)A)cnt (vlam

>E)

evaltT T ′evaleSt (kapp

>ret

>T )A.

eveSt 2 : ΠA:triv. ΠT :triv. ΠT ′:triv. ΠE:triv exp.

(varT ′ evaleSt (E>

pop)A)evaltT T ′evaleSt (kapp

>(vlam

>E)

>T )A.

eveSt app 0 : ΠA:triv. ΠT0:triv. ΠT1:triv. ΠT :triv. ΠE:triv→ cont exp.

evaleSt ((E T )>

ret)Aevalt T0 (lam λx:triv. klam (E x))evalt T1 TevaleSt (app

>ret

>T0

>T1)A.

eveSt app 1 : ΠA:triv. ΠT0:triv. ΠT1:triv. ΠE′:triv exp. ΠT :triv.

ΠE:triv→ cont exp.

(cnt (vlam>E′) evaleSt ((E T )

>ret)A)

evalt T0 (lam λx:triv. klam (E x))evalt T1 TevaleSt (app

>(vlam

>E′)

>T0

>T1)A.

evt lam : ΠR:triv→ root. evalt (lamR) (lamR).

evt vp : ΠT :triv. varT evalt pop T.

Note that this representation does not contain an explicit stack. Instead, the

ordered context of the type theory implicitly provides the representation of the eval-

uation machine’s stack. In order to prove our representations are in bijective corre-

254

spondence to stack evaluations, we need the following auxiliary definitions.

For any term u, |puq| denotes puq with all free k replaced by ret and all free v

replaced by pop.

We define validity for evaluation stacks, φ, with respect to Φ (as defined in sec-

tion 16.1) as follows:

E · : k· Triv t E φ : Φ

E (φ, t) : (Φ, v)

E φ : (Φ, k′,Φc) (k′,Φc) cont c

E (φ, c) : (Φ, k′,Φc, k)

T · : ·· Triv t T φ : Φ

T (φ, t) : (Φ, v)

Finally we need a representation function, and its inverse, for evaluation stacks.

p·q = · x·y = ·p(φ, t)q = pφq, vv:var ptq xΩ, vv:varTy = xΩy, xTy·p(φ, c)q = pφq, cv:cnt |pcq| xΩ, cv:cntCy = xΩy, xCyΦ

where we can construct Φ from the form of Ω as follows:

either Ω = Ω′, cv:cntC ′,ΩC and we construct Φ such that E xΩCy : Φ;

or cv:cntC ′ 6∈ Ω and we construct Φ such that E xΩy : Φ.

Theorem 112 (Stack evaluations are canonical forms) Assume all r, e, and t

have no free x.

1. `RootSt r → a and Root r implies ∃M. ·; · ` M ⇑ evalrSt prq paq.

2. φ ÈxpSt e → a and E φ : (Φ, k,Φe) (where 6∈ Φe) and (k,Φe) Exp e

implies

∃M. ·; pφq `M ⇑ evaleSt |peq| paq.

3. φ, φt `TrivSt t → a;φ and T φt : Φt and Φt Triv t implies

∃M. ·; pφtq ` M ⇑ evalt |ptq| paq.

Proof: By structural induction on the given derivations. In pt. 2, derivations of

T φ : Φ needed to apply the induction hypthesis are constructed by case analysis

on the relevant trivial term.

255

Theorem 113 (Canonical forms are stack evaluations)

1. ·; ·; · `M ⇑ evalrSt RA implies `RootSt xRy → xAy·.

2. ·; ·; Ω ` M ⇑ evaleStEA and E xΩy : Φ implies xΩy ÈxpSt xEyΦ → xAy·.

3. ·; ·; Ω ` M ⇑ evaltSt T A and T xΩy : Φ implies φ′, xΩy ÈxpSt xTyΦ → xAy·;φ′

for any φ′.

Proof: By structural induction on the given canonical derivations.

16.6 Bare and Stack Equivalence

In this section we show that the two evaluation models produce the same result. We

will carry out our proof inside OLF. Note that this is different from formally rep-

resenting a proof in OLF; instead we give an informal proof which happens to use

OLF. Danvy and Pfenning give a similar proof in [15] which acts directly on the bare

and stack machines. We note that carrying out this analysis on OLF representations

does not simplify the proof. However, it does show that OLF is expressive enough to

represent the main relation of Danvy and Pfenning’s proof as a type family. Further-

more, this representation has a direct computational interpretation as a logic program

following the operational interpretation of LF type families as logic programs [43].

We first define a relation which holds when a term evaluated by the stack machine

and a term evaluated by the bare machine will both evaluate to the same answer. We

define this relation as four OLF type families.

trans r : root→ root→ type. trans e : exp→ exp→ type.

trans t : triv→ triv→ type. trans c : cont→ cont→ type.

The first argument to each type family will be a term partially evaluated by the

stack machine, and the second argument will be a term partially evaluated by the bare

machine. The term constructors for these families specify when partially evaluated

terms are related. Partially evaluated terms are related if they are the same; pop is

related to a trivial term t if var t′ is the rightmost ordered hypothesis and t′ is related

to t; similarly, ret is related to a continuation term c if cnt c′ is the rightmost ordered

hypothesis and c′ is related to c.

256

trans klam : ΠE:cont exp. ΠE′:cont exp.

(Πk:cont. trans c k k trans e (E>k) (E′

>k))→

trans r (klamE) (klamE′)

trans app : ΠC:cont. ΠC ′:cont. ΠT0:triv. ΠE:triv→ cont exp. ΠT1:triv. ΠT ′1:triv.

trans cC C ′trans tT0 (lamλx:triv. klam λ

>k:cont. E x

>k)

trans tT1 T′1

trans e (app>C

>T0

>T1) (app

>C ′

>(lam λx:triv. klamλ

>k:cont. E x

>k)

>T ′1)

trans kapp : ΠC:cont. ΠC ′:cont. ΠT :triv. ΠT ′:triv.

trans cC C ′trans tT T ′trans e (kapp

>C

>T ) (kapp

>C ′

>T ′)

trans lam : ΠR:triv→ root. ΠR′:triv→ root.

(Πx:triv. trans txx→ trans r (Rx) (R′ x))→trans t (lamR) (lamR′)

trans pop : ΠT :triv.

trans tT T→var Ttrans t pop T

trans vlam : ΠE:triv exp. ΠE′:triv exp.

(Πv:triv. trans t v v trans e (E>v) (E′

>v))

trans c (vlam>E) (vlam

>E′)

trans ret : ΠE:triv exp. ΠE′:triv exp.

trans c (vlam>E′) (vlam

>E)

cnt (vlam>E′)

trans c ret (vlam>E).

trans init : trans c ret ret

In the rest of this section, all the outermost arguments explicit in the preceding

constructors are left implicit.

257

We next prove some elementary properties of this relation, or set of type families,

which are necessary to prove the main result, Theorem 119, which states that two

related terms evaluate, using their respective machines, to the same answer.

For any OLF quasi canonical term Q whose free variables of type triv range over

x1 . . . xn and v1 . . . vm we have the following definitions:

ΓQx = x1:triv, . . . , xn:triv ΓQxx = trans tx1 x1, . . . , trans txn xn

ΓQv = v1:triv, . . . , vm:triv ΩQv = trans t v1 v1, . . . , trans t vm vm

Our first lemma states that if two terms are related in a context which does not

contain variables of type var t nor of type cnt c, then the two terms are syntactically

equal.

Lemma 114

1. ΓRx ,ΓRxx; · ` Q ⇑ trans rRR′ implies R = R′.

2. ΓEx ,ΓExx, k:cont,ΓEv ; trans c k k,ΩE

v ` Q ⇑ trans eEE′ implies E = E′.

3. ΓTx ,ΓTxx,Γ

Tv ; ΩT

v ` Q ⇑ trans tT T ′ implies T = T ′.

4. ΓCx ,ΓCxx, k:cont,ΓCv ; trans c k k,ΩC

v ` Q ⇑ trans cC C ′ implies C = C ′.

Proof: By induction on the given derivation.

We now need a lemma which shows that terms are related to themselves.

Lemma 115

1. ΓRx ; · ` R ⇑ root implies ∃Q. ΓRx ,ΓRxx; · ` Q ⇑ trans rRR.

2. ΓEx ; k:cont,ΓEv ` E ⇑ exp implies ∃Q. ΓEx ,ΓExx, k:cont,ΓEv ; trans c k k,ΩE

v ` Q ⇑trans eEE.

3. ΓTx ; ΓTv ` T ⇑ triv implies ∃Q. ΓTx ,ΓTxx,Γ

Tv ; ΩT

v ` Q ⇑ trans tT T .

4. ΓCx ; k:cont,ΓCv ` C ⇑ cont implies ∃Q. ΓCx ,ΓCxx, k:cont,ΓCv ; trans c k k,ΩC

v `Q ⇑ trans cC C.

258


The next lemma contains two technical results. Trivial terms partially evaluated

by the bare machine are always related to themselves in an empty ordered context

since they contain no pop and only one ret (for the initial continuation). It also shows

that the information in the evaluation stack can be used to further evaluate a partially

stack evaluated trivial term to a bare evaluated trivial term, provided the two terms

are related.

Lemma 116

1. Γ; Ω ` Q ⇑ trans tT T ′ implies ∃Q′. Γ; · ` Q′ ⇑ trans tT ′ T ′

2. ·; Ω ` Q ⇑ trans tT T ′ implies ∃Q′. ·; Ω ` Q′ ⇑ evaltSt T T ′


The next two lemmas are essentially substitution lemmas for stack “variables”.

In the constructors for deciding if two partially evaluated terms are related, recursive

descent into functional terms (the trans klam, trans lam, and trans vlam) is achieved,

by generating a new parameter and applying it to both terms under the assumption

that the parameter is related to itself. The next lemmas state that we may substitute

actual terms into such parameters.

Lemma 117 In the following assume

Γ = x1:triv,m1:trans tx1 x1, . . . , xn:triv,mn:trans txn xn, k:cont, v1:triv, . . . , vm:triv;

and that ΩR only contains identifiers of types varX and at most one identifier of type

trans t vi vi for each vi in Γ.

1. Γ, v:triv; ΩL,m:trans t v v,ΩR ` Q ⇑ trans eEE′ and ·; · ` R ⇑ trans tT T

implies ∃Q′. Γ; ΩL,m′:varT,ΩR ` Q′ ⇑ trans e (E[pop/v]) (E′[T/v])

2. Γ, v:triv; ΩL,m:trans t v v,ΩR ` Q ⇑ trans cC C ′ and ·; · ` R ⇑ trans tT T

implies ∃Q′. Γ; ΩL,m′:varT,Ω′R ` Q′ ⇑ trans c (C[pop/v]) (C ′[T/v])

Proof: By induction on the major given derivation.

Assume ·; · ` R ⇑ trans tAA.

259

• case:

Γ, v:triv; ΩL,m:trans t v v,ΩR ` trans kapp>

RC>

RT ⇑ trans e (kapp>

C>

T ) (kapp>

C ′>

T ′)

Note that m must be consumed by either RC or RT .

– subcase:

Γ, v:triv; ΩL,m:trans t v v,ΩRL ` RC ⇑ trans cC C ′ and ΩR = ΩRLΩRR

Note v cannot occur free in T or T ′ trans t v v 6∈ Γ,ΩRR

Γ; ΩL,m′:varA,ΩRL ` R′C ⇑ trans c (C[pop/v]) (C ′[A/v])

for some R′C ind. hyp.

Γ; ΩL,m′:varA,ΩR ` trans kapp

>R′C

>RT ⇑

trans e (kapp>

(C[pop/v])>T ) (kapp

>(C ′[A/v])

>T ′) ΠE

– subcase:

Γ, v:triv; ΩLR,m:trans t v v,ΩR ` RT ⇑ trans tT T ′ and ΩL = ΩLLΩLR

ΩLR = · = ΩR and RT = m and T = v = T ′ inversion

Γ;m′:varA ` trans pop>R

>m′ ⇑ trans t popA ΠE

Note we can remove v:triv since v no longer occurs free in goal.

Γ; ΩLL,m′:varA ` trans kapp

>RC

>(trans pop

>R

>m′) ⇑

trans e (kapp>C

>pop) (kapp

>C ′

>A) ΠE

• case: trans app is similar.

• case:

Γ, v:triv; ΩL,m:trans t v v,ΩR ` trans vlam>

(λv′:triv. λ>m′:trans t v′ v′. RE) ⇑

trans c (vlam>λ>v′:triv. E) (vlam

>λ>v′:triv. E′)

Γ, v:triv, v′:triv; ΩL,m:trans t v v,ΩR,m′:trans t v′ v′ ` RE ⇑

trans eEE′ inversion

Γ, v′:triv; ΩL,m′′:varA,ΩR,m

′:trans t v′ v′ ` R′E ⇑trans e (E[pop/v]) (E′[A/v]) for some R′E ind. hyp.

Γ; ΩL,m′′:varA,ΩR ` trans vlam

>(λv′:triv. λ

>m′:trans t v′ v′. R′E) ⇑

trans c (vlam>λ>v′:triv. E[pop/v]) (vlam

>λ>v′:triv. E′[A/v]) ΠE

• No other cases.

260

Lemma 118 In the following assume

Γ = x1:triv,m1:trans tx1 x1, . . . , xn:triv,mn:trans txn xn, v1:triv, . . . , vm:triv;

and that Ω only contains identifiers of types varX and at most one identifier of type

trans t vi vi for each vi in Γ.

1. Γ, k:cont;m:trans c k k,Ω ` Q ⇑ trans eEE′ and ·; Ω′ ` R ⇑ trans cCsCb

implies ∃Q′. Γ; Ω′,m′:cntCs,Ω ` Q′ ⇑ trans e (E[ret/k]) (E′[Cb/k]).

2. Γ, k:cont;m:trans c k k,Ω ` Q ⇑ trans cC C ′ and ·; Ω′ ` R ⇑ trans cCsCb

implies ∃Q′. Γ; Ω′,m′:cntCs,Ω ` Q′ ⇑ trans c (C[ret/k]) (C ′[Cb/k]).

Proof: Similar to previous proof.

We can now prove the main theorem, that related terms evaluate to the same

result in both machines.

Theorem 119

1. ∃R. ·;` R ⇑ trans rRtRt′ implies

∃Q. ·; · ` Q ⇑ evalrStRtA iff ∃Q′. ·; · ` Q′ ⇑ evalrB Rt′A.

2. ∃R. ·; Ω ` R ⇑ trans eE E′ implies

∃Q. ·; Ω ` Q ⇑ evaleStE A iff ∃Q′. ·; · ` Q′ ⇑ evaleB E′A.

Proof: By induction on the given evaluation derivation.

Note that R determines which evaluation is being considered.

• case:·; · ` trans klam (λk:cont. λ

>m:trans c k k. RE) ⇑

trans r (klam λ>k:cont. E) (klam λ

>k:cont. E)

k:cont;m:trans c k k ` RE ⇑ trans eEE′ inversion

·; · ` RE[ret/k][trans init/m] ⇑ trans e (E[ret/k]) (E′[ret/k]) Lemma 95

Suppose ·; · ` evrStQE ⇑ evalrSt (klam λ>k:cont. E)A.

·; · ` QE ⇑ evaleSt (E[ret/k])A inversion

∃Q′E. ·; · ` Q′E ⇑ evaleB (E′[ret/k])A ind. hyp.

261

·; · ` evrB Q′E ⇑ evalrB (klam λ>k:cont. E′)A ΠE

Other direction is similar.

• case:

·; ΩCΩT ` trans kapp>

Rc>

RT ⇑ trans c (kapp>

C>

T ) (kapp>

C ′>

T ′)

·; ΩT ` RT ⇑ trans tT T ′ inversion

∃QT , RT ′. ·; ΩT ` QT ⇑ evaltSt T T ′ and

·; · ` RT ′ ⇑ trans tT ′ T ′ Lemma 116

– subcase: C = ret and ΩC = ·

C ′ = ret and RC = trans init inversion

·; ΩT ` eve 0St>QT ⇑ evaleSt (kapp

>ret

>T )T ′ and

·; · ` eve 0B ⇑ evaleB (kapp>

ret>T ′)T ′ ΠE

– subcase: C = ret and ΩC 6= ·

C ′ = vlam>λ>v:triv. E′ and

ΩC = ΩE ,m:cnt (vlam>λ>v:triv. E) and

RC = trans ret>

(trans vlam>λv:triv. λ

>mv:trans t v v. RE)

>m and

v:triv; ΩE,mv:trans t v v ` RE ⇑ trans eEE′ inversion

·; ΩE,m:cnt (vlam>λ>v:triv. E) ` eve 1St

>(λ>mT ′:var T ′. QE)

>m

>QT ⇑

evaleSt (kapp>

ret>T )A new assumption

·; ΩE,mT ′:varT ′ ` QE ⇑ evaleSt (E[pop/v])A inversion

∃R′E. ·; ΩE,mT ′:var T ′ ` R′E ⇑ trans e(E[pop/v]) (E′[T ′/v) Lemma 117

∃Q′E. ·; · ` Q′E ⇑ evaleB (E′[T ′/v])A ind. hyp.

·; · ` eve 1B Q′E ⇑ evaleB (kapp

>(vlam

>λ>v:triv. E′)

>T ′)A ΠE

Similar reasoning for the other direction.

– subcase: C = vlam>λ>v:triv. E

C ′ = vlam>λ>v:triv. E′ and

RC = trans vlam>λv:triv. λ

>mv:trans t v v. RE inversion

Then similar reasoning to previous applies.

262

• case:

·; ΩC,ΩT0,ΩT1 ` trans app>RC

>RT0

>RT1 ⇑

trans e (app>C

>T0

>T1) (app

>C ′

>(lam λx:triv. klamλ

>k:cont. E)

>T ′1)

·; ΩC ` RC ⇑ trans cC C ′ and

·; ΩT1 ` RT1 ⇑ trans tT1 T′1 and

·; ΩT0 ` RT0 ⇑ trans tT0 (lam λx:triv. klam λ>k:cont. E) inversion

·; · ` R′T1⇑ trans tT ′1 T

′1 and

·; · ` R′T0⇑

trans t(lamλx:triv. klam λ>k:cont. E) (lam λx:triv. klamλ

>k:cont. E)

for some R′T0and R′T1

Lemma 116

R′T0= inversion

trans lam (λx:triv. λmx:trans txx. trans klamλk:cont. λ>mk:trans c k k. RE)

x:triv,mx:trans txx, k:cont;mk:trans c k k ` RE ⇑ trans eEE inversion

k:cont;mk:trans c k k ` RE[T ′1/x][R′T1/mx] ⇑

trans e (E[T ′1/x])E([T ′1/x]) Lemma 95

Then similar reasoning to previous case,

using both lemma 117 and lemma 118, can be employed to complete the proof.

Note there are 2 subcases, C = ret and C = vlam>λ>v:triv. Ev.

Theorem 120 (Equivalence of Machine Representations)

∃M. ·; · `M ⇑ evalrStRA iff ∃M ′. ·; · ` M ′ ⇑ evalrB RA

Proof: Immediate from previous lemmas and theorems

We may now use Theorem 111 and Theorem 113 to transfer the result of Theo-

rem 120 back to the informal bare and stack evaluation machines.

16.7 Conclusion

We have shown that an ordered logical framework provides the necessary machinery

for a natural encoding of CPS terms satisfying the given occurrence invariants. We

263

have further shown that the framework is rich enough to allow a natural representa-

tion of stack-based evaluation. Furthermore we have seen that preservation of CPS

invariants under evaluation is then trivial to prove. We feel this in itself is significant

considering the difficulty involved in carrying out such representations in a framework

with no inherent notion of order. Dzafic [17] has shown how to represent system and

properties closely related to ours in LF, with considerable overhead since stacks and

the necessary substitution properties all have to be represented explicitly.

Finally, we mention that these techniques are easily extended to represent and rea-

son about other systems which rely upon an ordering of resources. For instance, [54]

extends the analysis, and results, of this chapter to a CPS transform which removes

explicit exceptions. We also strongly conjecture that both the analysis of evaluation

with first class continuations, carried out in [13], and the analysis of information flow

using ordered continuations in [62] can be naturally re-formulated in OLF.

264

Part IV

Conclusions

265

Chapter 17

Conclusions and Future Work

Ordered linear logic is a new logical formalism which conservatively extends (intuition-

istic) linear logic with ordered hypotheses– hypotheses which must be used exactly

once subject to the order in which they were assumed. The logic is constructed, in the

style of Martin-Lof, from the basic notion of a hypothetical judgement and its asso-

ciated substitution principle. Specifically, ordered linear logic results from combining

three different kinds of hypothetical judgements– unrestricted, linear, and ordered.

Ordered linear logic seems to have several advantages over other logical systems

which combine unrestricted, linear and ordered reasoning such as Non-Commutative

Logic [1, 57], cyclic linear logic [61], and pomset logic [56]. Since ordered linear

logic is intuitionistic and associates structural properties with formulas, rather than

contexts1, it is a simpler system than its counterparts. In fact, most of the proofs

of basic results (e.g., cut elimination, normalization, focussing, etc...) in this thesis

are straightforward extensions of those for linear logic. Proving similar properties for

Non-Commutative Logic has not turned out to be so easy, as evidenced by [5, 18].

Furthermore, since ordered linear logic is intuitionistic, it gives rise to a typed term

calculus which can be used as the basis of a logical framework.

While we have presented the basic system of ordered linear logic, there is much

room for further exploration. As mentioned in Section 2.7, there are other ways to

combine the three modes of reasoning present in the system. It seems quite likely that

a logical system which incorporates both formula-level and context-level structural

properties exists. This logic could be formulated as a sequent system with three

1as described in Section 2.7

267

context constructors and two modalities.

Another possibility for exploration involves making the ordered context circular.

Investigations of intuitionistic logics have typically only considered non-cyclic con-

texts, however it seems likely that a coherent intuitionistic logical system with a

circular context exists. Such a system would be quite different from ordered linear

logic, and probably would not be useful for the same applications; however a circular

context might also remove certain unsatisfactory situations such as the inability to

residuate ordered formulas.

Some other directions for exploration include the addition of a (multiplicative)

negation, i.e., ⊥; and the definition of a formal mathematical semantics for ordered

linear logic.

After presenting the basic system of ordered linear logic, we showed that proof

search in the logic behaves similarly to proof search in linear logic. In particular,

there is a readily identifiable uniform fragment of ordered linear logic which can

serve as the basis for a logic programming language, as well as a logical framework.

Ordered versions of these linear logic applications afford considerably more elegant

solutions than their linear counterparts. Specifically, the ordered context can be used

to implicitly represent simple data structures (e.g., stacks, queues), eliminating the

need to explicitly construct such structures at the term level.

For logic programming, this expressivity results in more elegant code than is pos-

sible using just unrestricted and/or linear hypotheses. Furthermore, shifting some

data structures to the logical level (as opposed to the term level) opens up the pos-

sibility of more efficient executions as compiler technology for ordered/linear logic

programming languages improves. For logical frameworks, it allows representations

using higher-order abstract syntax which would not be possible without ordered hy-

potheses; this in turn makes representation of meta-theoretic properties tractable.

For example, using LF (or linear LF), it is not feasible to completely represent the

equivalence between lambda terms represented via higher-order abstract syntax and

DeBruijn terms. However, the ordered logical framework permits a natural encoding

of DeBruijn terms which allows a straightforward encoding of the proof of equivalence

using the standard LF methodology.

There are, of course, limitations to what can be represented with the ordered

context. So far, we have only really used the ordered context as a stack, or a queue.

Furthermore, it only seems possible to have one logical queue or stack in a representa-

268

tion. Thus, an Olli program implementing an algorithm requiring two separate work

queues would need to represent one of the queues in the term level. On a slightly

different (though probably related) note, writing a meta-circular interpreter in Olli is

surprisingly difficult. The very natural approach which works for both (pure) λProlog

and Lolli breaks down for Olli. The problem lies in the inability to store informa-

tion in a formula about its position in the ordered context, which is necessary for

the meta-circular interpreter to correctly match the operational behavior of Olli and

maintain the ordering constraints. Writing a correct meta-circular interpreter seems

to require explicitly creating machinery to maintain the ordering constraints. A sim-

ilar difficulty arises when trying to formalize a proof of cut-elimination for ordered

linear logic in the ordered logical framework. In addition to investigating possible

solutions to the above mentioned problems, we would like to expand the range of

applications for ordered linear logic, which we feel is largely unexplored.

Finally, we note that a largely ignored aspect of this work is in applications of

the ordered lambda calculus. This dissertation has only employed ordered terms in

the logical framework setting. It would be interesting to explore direct applications

of the ordered lambda calculus.

269

270

Bibliography

[1] V. Michele Abrusci and Paul Ruet. Non-commutative logic I: The multiplicative

fragment. Annals of Pure and Applied Logic, 101(1):29–64, 1999.

[2] J.-M. Andreoli. Proposal for a Synthesis of Logic and Object-Oriented Program-

ming Paradigms. PhD thesis, University of Paris VI, 1990.

[3] J.-M. Andreoli. Logic programming with focusing proofs in linear logic. Journal

of Logic and Computation, 2(3):297–347, 1992.

[4] J.-M. Andreoli. Focussing and proof construction. Annals of Pure and Applied

Logic, 2000. to appear.

[5] Jean-Marc Andreoli and Roberto Maieli. Focusing and proof-nets in linear and

non-commutative logic. In Harald Ganzinger, David McAllester, and Andrei

Voronkov, editors, Proceedings of 6th International Conference on Logic Pro-

gramming and Automated Reasoning, pages 320–336, Tbilisi, Republic of Geor-

gia, September 1999. Springer-Verlag LNAI 1705.

[6] Henk P. Barendregt. Lambda calculi with types. In S. Abramsky, D. Gabbay,

and T.S.E. Maibaum, editors, Handbook of Logic in Computer Science, volume 2,

chapter 2, pages 117–309. Oxford University Press, 1992.

[7] G. M. Bierman. A note on full intuitionistic linear logic. Annals of Pure and

Applied Logic, 79(3):281–287, June 1996.

[8] C. Brown and D. Gurr. Relations and non-commutative linear logic. Techni-

cal Report DAIMI PB-372, Computer Science Department, Aarhus University,

November 1991.

[9] Iliano Cervesato. Proof-theoretic foundation of compilation in logic program-

ming languages. In J. Jaffar, editor, Proceedings of the 1998 Joint International

271

Conference and Symposium on Logic Programming (JICSLP’98), pages 115–129,

Manchester, UK, June 1998. MIT Press.

[10] Iliano Cervesato, Joshua S. Hodas, and Frank Pfenning. Efficient resource man-

agement for linear logic proof search. Theoretical Computer Science, 232:133–

163, 2000. Revised version of paper in the Proceedings of the 5th International

Workshop on Extensions of Logic Programming, Leipzig, Germany, March 1996.

[11] Iliano Cervesato and Frank Pfenning. A linear logical framework. Information

and Computation, 1999. To appear in the special issue with invited papers from

LICS’96, E. Clarke, editor.

[12] Alonzo Church. A formulation of the simple theory of types. Journal of Symbolic

Logic, 5:56–68, 1940.

[13] Olivier Danvy. Formalizing implementation strategies for first-class continua-

tions. In Programming Languages and Systems, The Proceedings of the 9th Eu-

ropean Symposium on Programming, volume 1782 of lncs, pages 88–103, 2000.

[14] Olivier Danvy, Belmina Dzafic, and Frank Pfenning. On proving syntactic prop-

erties of CPS programs. In Third International Workshop on Higher Order Op-

erational Techniques in Semantics (HOOTS’99), Paris, France, September 1999.

[15] Olivier Danvy and Frank Pfenning. The occurrence of continuation parameters

in CPS terms. Technical Report CMU-CS-95-121, Department of Computer

Science, Carnegie Mellon University, February 1995.

[16] Philippe de Groote. Partially commutative linear logic: sequent calculus and

phase semantics. In V.M. Abrusci and C. Casadio, editors, Proofs and Linguistic

Categories, Application of Logic to the Analysis and Implementation of Nat-

ural Language Proceedings 1996 Roma Workshop, pages 199–208. Cooperativa

Libraria Universitaria Editrice Bologna, 1996.

[17] Belmina Dzafic. Formalizing program transformations. Master’s thesis, DAIMI,

Department of Computer Science, University of Aarhus, Aarhus, Denmark, De-

cember 1998.

[18] Claudia Faggian. Proof construction and non-commutativity: a cluster calculus.

In Proceedings of the 2nd International ACM SIGPLAN Conference on Prin-

272

ciples and Practice of Declarative Programming (PPDP’00), Montreal,Canada,

September 2000.

[19] Jean Gallier. On Girard’s “candidats de reductibilite”. In Odifreddi, editor,

Logic and Computer Science, pages 123–203. Academic Press, 1990.

[20] Jean Gallier. Constructive logics. Part I: A tutorial on proof systems and typed

λ-calculi. Theoretical Computer Science, 110(2):249–339, 1993.

[21] J.-Y. Girard. Linear logic. Theoretical Computer Science, 50:1–102, 1987.

[22] J.A. Harland and David J. Pym. Resource-distribution via boolean constraints.

In W. McCune and G. Sutcliffe, editors, Proc. CADE-14, pages 222–236.

Springer-Verlag LNCS 1249, 1997.

[23] Robert Harper, Furio Honsell, and Gordon Plotkin. A framework for defining

logics. Journal of the Association for Computing Machinery, 40(1):143–184, Jan-

uary 1993.

[24] Robert Harper and Frank Pfenning. On equivalence and canonical forms in

the LF type theory. Technical Report CMU-CS-00-148, Department of Com-

puter Science, Carnegie Mellon University, July 2000. An extended abstract

appeared at Workshop on Logical Frameworks and Meta-Languages (LFM’99),

Paris, France, September 1999.

[25] Hugo Herbelin. Sequents qu’on calcule. PhD thesis, Universite Paris 7, January

1995.

[26] J. S. Hodas. Logic Programming in Intuitionistic Linear Logic: Theory, Design

and Implementation. PhD thesis, University of Pennsylvania, Department of

Computer and Information Science, 1994.

[27] J. S. Hodas and D. Miller. Logic programming in a fragment of intuitionistic

linear logic. Information and Computation, 110(2):327–365, 1994. Extended ab-

stract in the Proceedings of the Sixth Annual Symposium on Logic in Computer

Science, Amsterdam, July 15–18, 1991.

[28] Joshua S. Hodas and Naoyuki Tamura. lolliCOP - a linear logic encoding of a lean

connection-method theorem prover for first-order classical logic. In Proceedings

of the International Joint Conference on Automated Reasoning, pages 670–684,

Siena, Italy, June 2001.

273

[29] Martin Hofmann. Linear types and non-size-increasing polynomial time compu-

tation. In G. Longo, editor, Proceedings of the Fourteenth Annual Symposium

on Logic in Computer Science, pages 464–473, Trento, Italy, July 1999. IEEE

Computer Society Press.

[30] W.A. Howard. The formula-as-types notion of construction. In J.R. Hindley

and J.P. Seldin, editors, To H.B. Curry, Essays on Combinatory Logic, Lambda

Calculus, and Formalism. Academic Press, 1980.

[31] Twan Laan, Fairouz Kamareddine, and Rob Nederpelt. Refining the Barendregt

cube using parameters. In Herbert Kuchen and Kazunori Ueda, editors, Proceed-

ings of the 5th International Symposium on Functional and Logic Programming

(FLOPS’01), pages 375–389, Tokyo, Japan, March 2001. Springer-Verlag LNCS

2024.

[32] Joachim Lambek. The mathematics of sentence structure. American Mathemat-

ical Monthly, 65:363–386, 1958.

[33] Pablo Lopez and Ernesto Pimentel. Resource management in linear logic proof

search revisited. In Harald Ganzinger, David McAllester, and Andrei Voronkov,

editors, Proceedings of 6th International Conference on Logic Programming and

Automated Reasoning, pages 304–319, Tbilisi, Republic of Georgia, September

1999. Springer-Verlag LNAI 1705.

[34] Per Martin-Lof. Constructive mathematics and computer programming. In Logic,

Methodology and Philosophy of Science VI, pages 153–175. North-Holland, 1980.

[35] Dale Miller. A logic programming language with lambda-abstraction, function

variables, and simple unification. Journal of Logic and Computation, 1(4):497–

536, 1991.

[36] Dale Miller and Gopalan Nadathur. Higher-order logic programming. In Ehud

Shapiro, editor, Proceedings of the Third International Logic Programming Con-

ference, pages 448–462, London, June 1986.

[37] Dale Miller, Gopalan Nadathur, Frank Pfenning, and Andre Scedrov. Uniform

proofs as a foundation for logic programming. Annals of Pure and Applied Logic,

51:125–157, 1991.

274

[38] Gopalan Nadathur and Dustin J. Mitchell. System description: Teyjus—a

compiler and abstract machine based implementation of lambda prolog. In

H. Ganzinger, editor, Proceedings of the 16th International Conference on Auto-

mated Deduction (CADE-16), pages 287–291, Trento, Italy, July 1999. Springer-

Verlag LNCS.

[39] P. W. O’Hearn and J. C. Reynolds. From algol to polymorphic linear lambda-

calculus. Journal of the ACM, 47(1):167–223, January 2000.

[40] P.W. O’Hearn and D. J. Pym. The logic of bunched implications. Bulletin of

Symbolic Logic, 5(2):215–244, June 1999.

[41] Chris Okasaki. Breadth-first numbering: Lessons from a small exercise in al-

gorithm design. In Proceedings of International Conference on Functional Pro-

gramming, pages 131–136, September 2000.

[42] Remo Pareschi. Type-Driven Natural Language Analysis. PhD thesis, University

of Edinburgh, Edinburgh, Scotland, July 1989. Available as technical report

MS-CIS-89-45, Department of Computer and Information Sciences, University

of Pennsylvania.

[43] Frank Pfenning. Logic programming in the LF logical framework. In Gerard Huet

and Gordon Plotkin, editors, Logical Frameworks, pages 149–181. Cambridge

University Press, 1991.

[44] Frank Pfenning. Structural cut elimination in linear logic. Technical Report

CMU-CS-94-222, Department of Computer Science, Carnegie Mellon University,

December 1994.

[45] Frank Pfenning. Structural cut elimination. In D. Kozen, editor, Proceedings

of the Tenth Annual Symposium on Logic in Computer Science, pages 156–166,

San Diego, California, June 1995. IEEE Computer Society Press.

[46] Frank Pfenning. The practice of logical frameworks. In Helene Kirchner, editor,

Proceedings of the Colloquium on Trees in Algebra and Programming, pages 119–

134, Linkoping, Sweden, April 1996. Springer-Verlag LNCS 1059. Invited talk.

[47] Frank Pfenning. Computation and Deduction. Cambridge University Press, 2001.

In preparation. Draft from April 1997 available electronically.

275

[48] Frank Pfenning and Carsten Schurmann. System description: Twelf — a meta-

logical framework for deductive systems. In H. Ganzinger, editor, Proceedings of

the 16th International Conference on Automated Deduction (CADE-16), pages

202–206, Trento, Italy, July 1999. Springer-Verlag LNAI 1632.

[49] Jeff Polakow. Linear logic programming with an ordered context. In Proceedings

of the 2nd International ACM SIGPLAN Conference on Principles and Prac-

tice of Declarative Programming (PPDP’00), pages 68–79, Montreal,Canada,

September 2000.

[50] Jeff Polakow and Frank Pfenning. Ordered linear logic programming. Techni-

cal Report CMU-CS-98-183, Department of Computer Science, Carnegie Mellon

University, December 1998.

[51] Jeff Polakow and Frank Pfenning. Natural deduction for intuitionistic non-

commutative linear logic. In J.-Y. Girard, editor, Proceedings of the Fourth

International Conference on Typed Lambda Calculi and Applications (TLCA’99),

pages 295–309, l’Aquila, Italy, April 1999. Springer-Verlag LNCS 1581.

[52] Jeff Polakow and Frank Pfenning. Relating natural deduction and sequent calcu-

lus for intuitionistic non-commutative linear logic. In Andre Scedrov and Achim

Jung, editors, Proceedings of the 15th Conference on Mathematical Foundations

of Programming Semantics, pages 311–328, New Orleans, Louisiana, April 1999.

Electronic Notes in Theoretical Computer Science, Volume 20.

[53] Jeff Polakow and Frank Pfenning. Properties of terms in continuation passing

style in an ordered logical framework. In Workshop on Logical Frameworks and

Meta-Languages (LFM 2000), Santa Barbara, California, June 2000.

[54] Jeff Polakow and Kwangkeun Yi. Proving syntactic properties of exceptions

in an ordered logical framework. In Herbert Kuchen and Kazunori Ueda, edi-

tors, Proceedings of the 5th International Symposium on Functional and Logic

Programming (FLOPS’01), pages 61–77, Tokyo, Japan, March 2001. Springer-

Verlag LNCS 2024.

[55] D. Prawitz. Ideas and results in proof theory. In Jens Erik Fenstad, editor,

Proceedings of the 2nd Scandinavian Logic Symposium, pages 235–307, North

Holland, Amsterdam, June 1970.

276

[56] Christian Retore. Pomset logic: a non-commutative extension of classical lin-

ear logic. In Proceedings of the Second International Conference on Typed

Lambda Calculi and Applications (TLCA’97), pages 300–318. Springer-Verlag

LNCS 1210, 1997.

[57] P. Ruet. Non-commutative logic II : sequent calculus and phase semantics. Math-

ematical Structures in Computer Science, 10(2):277–312, 2000.

[58] Paul Ruet. Logique non-commutative et programmation concurrente par con-

traintes. PhD thesis, Universite Denis Diderot, Paris 7, 1997.

[59] Joseph Vanderwaart and Karl Crary. A simplified account of the metatheory of

linear LF. unpublished manuscript, 2000.

[60] P. Wadler. Linear types can change the world. In M. Broy and C. B. Jones,

editors, IFIP TC 2 Working Conference on Programming Concepts and Methods,

pages 561–581, Sea of Gallilee, Israel, April 1990. North-Holland.

[61] D.N. Yetter. Quantales and (non-commutative) linear logic. Journal of Symbolic

Logic, 55(1):41–64, 1990.

[62] Steve Zdancewic and Andrew C. Myers. Secure information flow and CPS. In

Proceedings of the 10th European Symposium on Programming (ESOP’01), pages

46–61. Springer-Verlag LNCS 2028, April 2001.

277

Documents

Ordered Linear Logic and Applicationsreports-archive.adm.cs.cmu.edu/anon/2001/CMU-CS-01-152.pdf · Linear logic was originally conceived as a classical logic. It is classical in the